"Long-Running Balada Injector Malware Campaign Infects Over 1 Million WordPress Sites"

April 10, 2023 at 10:16 AM

•

1 min read

"Long-Running Balada Injector Malware Campaign Infects Over 1 Million WordPress Sites" — Photo: The Hacker News

TL;DR Summary

Over one million WordPress websites have been infected by the Balada Injector malware campaign since 2017, which exploits known and recently discovered theme and plugin vulnerabilities. The malware allows for the generation of fake WordPress admin users, harvests data stored in the underlying hosts, and leaves backdoors for persistent access. The attacks are engineered to read or download arbitrary site files and search for tools like adminer and phpmyadmin. WordPress users are recommended to keep their website software up-to-date, remove unused plugins and themes, and use strong WordPress admin passwords.

Topics:technology #balada-injector #cyber-attacks #cybersecurity #malware #website-security #wordpress

Share this article

Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign The Hacker News
Massive Balada Injector campaign attacking WordPress sites since 2017 BleepingComputer
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

84%

577 → 90 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights