Nearly 7K WordPress Sites Compromised by Balada Injector

Approximately 6,700 WordPress websites have been infected with the Balada Injector malware after running a version of the Popup Builder plug-in affected by a cross-site scripting (XSS) vulnerability tracked as CVE-2023-6000. The Balada Injector campaign has been running since 2017 and has compromised over a million WordPress sites in the last six years. In the attack, a backdoor is injected to redirect visitors from the legitimate WordPress site to fake support pages and compromised or scam websites. In the most recent activity, the threat actors exploited the XSS vulnerability to take over Popup Builder’s “sgpbWillOpen” event and clear the way for malicious JavaScript code injection after the launch of a popup. The vulnerable version of the Popup Builder plug-in has over 200,000 installations, so more infections could be coming.
