New Balada Injector campaign infects 6,700 WordPress sites
2024-01-11 17:44

A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December.

Balada Injector was initially documented by researchers at Dr. Web, who observed coordinated attack waves leveraging known flaws in WordPress themes and addons. It was later discovered to be a massive operation running since 2017 that had compromised more than 17,000 WordPress sites.

The latest Balada Injector campaign launched on December 13, 2023, two days after WPScan reported on CVE-2023-6000, a cross-site scripting flaw in Popup Builder versions 4.2.3 and older.

Currently, the number of websites compromised in the Balada Injector campaign has reached 6,700.

Defending against Balada Injector attacks requires WordPress site admins to update themes and plugins to their latest version and uninstall products that are no longer supported or needed on the website.
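
One way to check an installation against the version range given above, as an added example that is not from the original article: it reads the standard WordPress plugin header and flags Popup Builder at 4.2.3 or older. The directory name popup-builder, the file name in the constructed sample, and all function names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Ceiling from the article ("4.2.3 and older"); the CVE entry reads "before 4.2.3",
# so the wider range is used. The slug "popup-builder" is an assumed directory name.
VULNERABLE_AT_OR_BELOW = {"popup-builder": "4.2.3"}
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][\w.\-]*)", re.M | re.I)

def parse_version(text):
    """'4.2.3' -> (4, 2, 3); a suffix such as '-beta' is ignored."""
    return tuple(int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group().split("."))

def at_or_below(installed, ceiling):
    """Compare versions after zero-padding, so '4.2' equals '4.2.0'."""
    a, b = parse_version(installed), parse_version(ceiling)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) <= b + (0,) * (width - len(b))

def installed_version(plugin_dir):
    """Read 'Version:' from the PHP file that carries the 'Plugin Name:' header."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        m = VERSION_HEADER.search(head)
        if re.search(r"Plugin Name:", head, re.I) and m:
            return m.group(1)
    return None

def audit(plugins_root):
    """Return (slug, version, status) for each listed plugin that is installed."""
    findings = []
    for slug, ceiling in VULNERABLE_AT_OR_BELOW.items():
        plugin_dir = Path(plugins_root) / slug
        if not plugin_dir.is_dir():
            continue  # plugin not installed on this site
        version = installed_version(plugin_dir)
        status = ("unknown" if version is None else
                  "vulnerable" if at_or_below(version, ceiling) else "ok")
        findings.append((slug, version, status))
    return findings

def audit_constructed_site(version):
    """Build a constructed plugins tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        plugin = Path(root) / "popup-builder"
        plugin.mkdir()
        header = f"<?php\n/**\n * Plugin Name: Popup Builder\n * Version: {version}\n */\n"
        (plugin / "popup-builder.php").write_text(header, encoding="utf-8")
        return audit(root)
```

On a real site, call audit() with the path to wp-content/plugins; a status of "unknown" means the header could not be read and the plugin should be checked by hand.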


News URL

https://www.bleepingcomputer.com/news/security/new-balada-injector-campaign-infects-6-700-wordpress-sites/

Related Vulnerability

DATE: 2024-01-01
CVE: CVE-2023-6000
VULNERABILITY TITLE: Cross-site Scripting vulnerability in Sygnoos Popup Builder
The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.
RISK: 6.1 (network, low complexity; sygnoos, CWE-79)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157