Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

A severe cyberthreat has been unleashed, exposing a vulnerability in the WordPress environment that has already affected over 7,100 sites. A malware known as Balada Injector, first documented by Doctor Web in 2023, has been exploiting a vulnerability present in the WordPress plugin Popup Builder. The malware utilizes this weakness to inject a backdoor into compromised sites, redirecting unsuspecting visitors to fraudulent pages. This concerted attack spotlights the necessity for website administrators to ensure all plugins are running updated, secure versions to mitigate susceptibility to such malwares.

Published: Mon, 15 Jan 2024 13:15:00 +0530