Balada Injector malware campaign: It has infected 1 million WordPress sites



A long-running malware campaign targeting WordPress websites, tracked by Sucuri as Balada Injector, is estimated to have compromised up to one million websites.

Sucuri has reported that the Balada Injector campaign operates in waves, with attacks occurring approximately once a month. To evade blocklists and other security measures, the attackers register a fresh domain name for each wave.

Over the years, Balada Injector has used more than 100 domains and a variety of methods to exploit known vulnerabilities in site software (such as HTML injection and Site URL injection). The attackers' main aim is to obtain the database credentials stored in the wp-config.php file. A site that has been cleaned of this infection should therefore also rotate the credentials in wp-config.php, since stolen database credentials allow the attackers to re-infect the site after the injected scripts have been removed.

Most of these domain names are combinations of two to four English words strung together without meaning, for example:-

  • sometimesfree[.]biz
  • destinyfernandi[.]com
  • travelfornamewalking[.]ga
  • statisticline[.]com

The injected code loads scripts from URLs on various subdomains of the current wave's domain, such as:-

  • java.sometimesfree[.]biz/counter.js – active 2017
  • slow.destinyfernandi[.]com/slow.js – active 2020
  • main.travelfornamewalking[.]ga/stat.js – active 2021
  • cdn.statisticline[.]com/scripts/sway.js – active 2023

The campaign also uses String.fromCharCode to obfuscate its JavaScript, and it redirects visitors to booby-trapped pages that trick them into accepting browser push notifications, typically by masquerading as a CAPTCHA check that must be passed to view the content.
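As an added example (not code from Sucuri or from the original article), the following Node.js script shows how the two indicators above can be checked on a page's HTML: it flags external `<script>` tags whose source resolves to one of the wave domains or any of their subdomains, and it decodes `String.fromCharCode(...)` payloads found in inline scripts so an analyst can read what they build. The wave domains are the four listed above; the sample HTML and the obfuscated payload in it are constructed for this demo and are not captured from a real infection.

```javascript
// Added example, not Sucuri's tooling: scan HTML for Balada Injector hallmarks.
//  1. <script src="..."> tags loading from a wave domain or one of its subdomains
//  2. inline scripts that assemble strings with String.fromCharCode(...)

// The four wave domains named in the article (de-fanged brackets removed).
const WAVE_DOMAINS = [
  "sometimesfree.biz",
  "destinyfernandi.com",
  "travelfornamewalking.ga",
  "statisticline.com",
];

// True if `host` is a wave domain or a subdomain of one. The "." prefix keeps
// look-alikes such as "statisticline.com.evil.example" from matching.
function matchesWaveDomain(host, domains = WAVE_DOMAINS) {
  const h = host.toLowerCase();
  return domains.some((d) => h === d || h.endsWith("." + d));
}

// Return every external script URL whose host matches a wave domain.
// Protocol-relative URLs (//host/path) are resolved against a dummy base.
function findInjectedScripts(html, domains = WAVE_DOMAINS) {
  const hits = [];
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    let host;
    try {
      host = new URL(m[1], "https://example.invalid/").hostname;
    } catch {
      continue; // unparseable src attribute; nothing to resolve
    }
    if (matchesWaveDomain(host, domains)) hits.push(m[1]);
  }
  return hits;
}

// Decode each String.fromCharCode(NN, NN, ...) call in a piece of JavaScript
// into the literal text it produces.
function decodeFromCharCode(js) {
  const re = /String\.fromCharCode\s*\(\s*([\d\s,]+)\)/g;
  const decoded = [];
  let m;
  while ((m = re.exec(js)) !== null) {
    const codes = m[1]
      .split(",")
      .map((s) => parseInt(s.trim(), 10))
      .filter(Number.isFinite);
    decoded.push(String.fromCharCode(...codes));
  }
  return decoded;
}

// Extract inline <script> bodies (tags without a src attribute) and decode
// any fromCharCode payloads they contain.
function findObfuscatedInline(html) {
  const re = /<script\b(?![^>]*\bsrc\s*=)[^>]*>([\s\S]*?)<\/script>/gi;
  const findings = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    findings.push(...decodeFromCharCode(m[1]));
  }
  return findings;
}

function scanPage(html) {
  return {
    externalScripts: findInjectedScripts(html),
    decodedInline: findObfuscatedInline(html),
  };
}

// Constructed sample page: one legitimate CDN script, one wave-domain script,
// one protocol-relative wave-domain script, and one obfuscated inline script
// that assembles "https://" and "sway.js" from character codes.
const SAMPLE_HTML = `
<html><head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
<script src="https://cdn.statisticline.com/scripts/sway.js"></script>
<script>
  var u = String.fromCharCode(104,116,116,112,115,58,47,47) +
          "cdn.statisticline.com/scripts/" +
          String.fromCharCode(115,119,97,121,46,106,115);
</script>
</head><body>
<script type="text/javascript" src="//java.sometimesfree.biz/counter.js"></script>
</body></html>`;

console.log(JSON.stringify(scanPage(SAMPLE_HTML), null, 2));
```

Run it over exported post content or rendered pages from a suspect site; because each wave uses a new domain, treat the domain list as a starting point and also review any external script host you do not recognise, and any inline script that builds URLs or tag names from character codes.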

Recommendations

Below are the basic recommendations offered by the security analysts at Sucuri:-

  • Keep all website software, plugins and themes updated.
  • Use strong, unique passwords.
  • Implement two-factor authentication.
  • Add file integrity monitoring.
  • Take regular backups of your website database.


Published April 12th, 2023

About the Author: FirstHackersNews

