Published December 02, 2023, in our Security Fraud News & Alerts Newsletter.
WordPress users have another piece of malware to contend with: Balada Injector. The number of websites infected by this sneaky malware doubled in just one month, and how many more will follow is unknown. It’s a distressing situation for the administrators behind the 810 million websites built using WordPress. And in a malware twist, visitors to the infected sites are finding themselves unwitting victims of this malware campaign, too.
Hijacking WordPress Sites
According to Search Logistics, a whopping 43.2% of websites use WordPress to power their sites. So, when malware like Balada Injector lets loose, there’s big reason for concern. The Hacker News reports over one million websites have been exposed to this malware campaign since 2017.
Threat actors use Balada Injector to infect WordPress plug-ins. This allows them to create administrator accounts and remotely activate the infected plug-ins. Hackers then have total control over the infected websites. It’s done in such a way that even the website owner has no idea their site has been hijacked. Even worse, visitors to the site become victims themselves, getting caught up in deceptive tricks that allow hackers to monetize the attack.
Victims of infected WordPress sites report seeing spam and being redirected to suspicious websites like fake tech support pages and bogus contest winnings. These are common tactics hackers use to steal PII, run phishing scams, and infect devices.
Below are ways to spot and minimize vulnerability to Balada Injector.
Website administrators report an unexpected surge in traffic to their sites, indicating a Balada Injector infection
Website visitors should be aware of spam and website redirection and report it to site administrators
Keep all software updated, especially for websites
Configure websites to provide maximum protection
Consider security monitoring software in addition to security best practices
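Because the campaign described above adds administrator accounts and activates plug-ins without the owner noticing, one practical check is to compare the site's current administrators and active plug-ins against a known-good baseline. The sketch below is an added example, not part of the original newsletter; it assumes CSV exports with the columns that WP-CLI's `wp user list` and `wp plugin list` produce, and every account and plug-in name in it is constructed.

```python
import csv
import io

# Constructed sample exports (not from a real site), shaped like the output of
# `wp user list --fields=user_login,roles --format=csv` and
# `wp plugin list --fields=name,status --format=csv`.
BASELINE_USERS = "user_login,roles\nalice,administrator\nbob,editor\n"
CURRENT_USERS = ("user_login,roles\nalice,administrator\nbob,editor\n"
                 "wpsupport01,administrator\n")
BASELINE_PLUGINS = "name,status\ncontact-form,active\ngallery-widget,inactive\n"
CURRENT_PLUGINS = ("name,status\ncontact-form,active\ngallery-widget,active\n"
                   "seo-helper,active\n")


def rows(text):
    return list(csv.DictReader(io.StringIO(text)))


def admins(users_csv):
    # An account can hold several roles; WP-CLI joins them with commas.
    return {r["user_login"] for r in rows(users_csv)
            if "administrator" in [x.strip() for x in r["roles"].split(",")]}


def active_plugins(plugins_csv):
    return {r["name"] for r in rows(plugins_csv) if r["status"] == "active"}


def audit(base_users, cur_users, base_plugins, cur_plugins):
    # Anything present now but absent from the known-good baseline is a finding.
    return {
        "new_admins": sorted(admins(cur_users) - admins(base_users)),
        "newly_active_plugins": sorted(
            active_plugins(cur_plugins) - active_plugins(base_plugins)),
    }


if __name__ == "__main__":
    found = audit(BASELINE_USERS, CURRENT_USERS, BASELINE_PLUGINS, CURRENT_PLUGINS)
    for login in found["new_admins"]:
        print(f"ALERT administrator not in baseline: {login}")
    for name in found["newly_active_plugins"]:
        print(f"ALERT plugin active but not in baseline: {name}")
```

The baseline should be captured while the site is known to be clean and stored off the web server, since anyone with administrator access to the site could otherwise alter it.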
Staying safe from Balada Injector malware is a mutual effort by WordPress website administrators with the help of site visitors exposed to the dastardly tricks of this malware campaign. Building secure sites from the bottom up and fortifying those already out there is a great start in the fight against Balada Injector.