The Balada Injector compromised millions of sites over the years

April 13, 2023

A recent study of the campaign showed that Balada Injector has compromised millions of websites over the past five years by exploiting known vulnerabilities in WordPress themes and plugins.

Balada attacks have ranked among the most common website infections for several years. Last year alone, researchers detected the injector more than 140,000 times across different websites.

The attacks arrive in waves at a steady cadence of roughly one per month. Each wave uses custom attack routines tailored to newly disclosed vulnerabilities.

The latest wave, last week, targeted a vulnerability in the Elementor Pro plugin for WordPress, exposing the more than 11 million websites on which the plugin is installed.

The Balada Injector relies on newly registered domains.

Investigations reveal that the Balada Injector campaign relies on newly registered domains to host its malicious scripts. Once a site is infected, the injected code redirects visitors to scam pages: fake lottery wins, fraudulent tech support, and push-notification lures.

The operation uses multiple injection strategies, including arbitrary file injections, reinfections, HTML injections, site_url hacks, and database injections, and a single site often carries several distinct infections at once.
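Several of those strategies leave traces in the WordPress database itself: a site_url hack alters the siteurl and home options, a database injection adds a script loader to stored post content, and an attacker with write access to the database usually also adds an administrator account. The Python script below is an added example, not code from the original article or from any researcher's toolkit. It runs those three checks against a constructed in-memory copy of the relevant WordPress tables; the wp_ table prefix, the sample rows, the hostnames and the timestamps are all assumptions made for the example. Against a real site you would point the same queries at the live database or a SQL dump.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Matches <script src="..."> in stored HTML, the usual shape of an injected loader.
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample rows standing in for a live WordPress database.
# Hosts, users and timestamps are invented; the "wp_" table prefix is assumed.
SAMPLE_ROWS = {
    "wp_options": [
        ("siteurl", 'https://shop.example.com<script src="https://cdn-stats.example.net/c.js"></script>'),
        ("home", "https://shop.example.com"),
        ("blogname", "Example Shop"),
    ],
    "wp_posts": [
        (1, "publish", "<p>Welcome to the shop.</p>", "2023-01-10 09:00:00"),
        (2, "publish", '<p>Sale!</p><script src="https://track.example.org/s.js"></script>', "2023-04-05 22:13:07"),
        (3, "publish", '<script src="/wp-includes/js/jquery/jquery.min.js"></script>', "2023-02-01 10:00:00"),
    ],
    "wp_users": [
        (1, "admin", "2021-05-01 12:00:00"),
        (2, "wp-support", "2023-04-06 03:11:42"),
    ],
    "wp_usermeta": [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ],
}


def load_sample_db():
    """Create an in-memory SQLite copy of the tables the checks below query."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_posts (ID INTEGER, post_status TEXT, post_content TEXT, post_modified TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    for table, rows in SAMPLE_ROWS.items():  # table names come from our own dict, not user input
        placeholders = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({placeholders})", rows)
    return conn


def check_site_urls(conn, expected_host):
    """site_url hack: both options must be a bare URL on the site's own host."""
    findings = []
    rows = conn.execute(
        "SELECT option_name, option_value FROM wp_options "
        "WHERE option_name IN ('siteurl', 'home')")
    for name, value in rows:
        if "<" in value or urlparse(value).hostname != expected_host:
            findings.append((name, value))
    return findings


def find_injected_scripts(conn, expected_host):
    """Database injection: published content that loads a script from a foreign host.
    Relative src values (no host) are treated as local and left alone."""
    hits = []
    rows = conn.execute("SELECT ID, post_content FROM wp_posts WHERE post_status = 'publish'")
    for post_id, content in rows:
        for src in SCRIPT_SRC.findall(content):
            host = urlparse(src).hostname
            if host and host != expected_host:
                hits.append((post_id, src))
    return hits


def recent_admins(conn, since):
    """Rogue accounts: administrator users registered on or after `since`
    (a 'YYYY-MM-DD HH:MM:SS' string, compared lexically like WordPress stores it)."""
    rows = conn.execute("""
        SELECT u.user_login, u.user_registered
        FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key LIKE '%capabilities' AND m.meta_value LIKE '%"administrator"%'
        ORDER BY u.user_registered""")
    return [login for login, registered in rows if registered >= since]


if __name__ == "__main__":
    db = load_sample_db()
    print("site URL options:", check_site_urls(db, "shop.example.com"))
    print("foreign scripts :", find_injected_scripts(db, "shop.example.com"))
    print("new admins      :", recent_admins(db, "2023-04-01 00:00:00"))
```

The siteurl check deliberately flags any angle bracket as well as a foreign host, because the injected option value usually keeps the legitimate URL as a prefix and tacks the script tag onto the end. Run the same three queries against a backup taken before the infection and diff the results to separate the attacker's changes from legitimate content.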

The campaign also includes post-exploitation activity. In some cases, its malware scans for vulnerable or misconfigured instances of database administration tools such as Adminer and phpMyAdmin.

Where it finds one, it can create new administrator users, plant persistent backdoors, and exfiltrate further data from the infected site. The attackers also try to brute-force WordPress administrator accounts using a fixed list of 74 passwords.
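Both of those steps are visible in the web server's access log before they succeed: a password-list attack is a burst of POST requests to wp-login.php from one address, and a hunt for Adminer or phpMyAdmin is a run of requests for paths a normal visitor never asks for. The Python below is added here as an example and is not part of the original article or any published detection rule. It parses a constructed combined-format log and flags both patterns; the addresses, timestamps, user agents, the 20-requests-in-5-minutes threshold and the probe path list are assumptions made for the example, not indicators taken from the campaign.

```python
import re
from bisect import bisect_right
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Paths that only make sense as probes for database admin tools (assumed list).
PROBE_RE = re.compile(r'/(adminer[\w.-]*\.php|phpmyadmin/|pma/)', re.IGNORECASE)

# Constructed sample log (invented addresses and timestamps): one host fires
# 30 login POSTs in under a minute and then probes for Adminer and phpMyAdmin.
SAMPLE_LOG = [
    f'203.0.113.5 - - [06/Apr/2023:03:10:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3521 "-" "python-requests/2.28"'
    for s in range(0, 60, 2)
] + [
    '198.51.100.7 - - [06/Apr/2023:03:12:44 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://shop.example.com/wp-login.php" "Mozilla/5.0"',
    '203.0.113.5 - - [06/Apr/2023:03:15:02 +0000] "GET /adminer.php HTTP/1.1" 404 196 "-" "python-requests/2.28"',
    '203.0.113.5 - - [06/Apr/2023:03:15:03 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 196 "-" "python-requests/2.28"',
    '192.0.2.9 - - [06/Apr/2023:03:20:11 +0000] "GET /wp-content/uploads/2023/04/banner.jpg HTTP/1.1" 200 81234 "-" "Mozilla/5.0"',
]


def parse_log(lines):
    """Parse combined-format lines into dicts; malformed lines are skipped."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": m["ip"],
            "time": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"],
            "status": int(m["status"]),
        })
    return entries


def login_bursts(entries, threshold=20, window=timedelta(minutes=5)):
    """Return {ip: peak count} for addresses that POST to wp-login.php at least
    `threshold` times within any span of length `window` (a password-list attack)."""
    per_ip = {}
    for e in entries:
        if e["method"] == "POST" and e["path"].split("?")[0].endswith("/wp-login.php"):
            per_ip.setdefault(e["ip"], []).append(e["time"])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        # Sliding window: for each request, count how many fall within `window` after it.
        peak = max(bisect_right(times, t + window) - i for i, t in enumerate(times))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def admin_tool_probes(entries):
    """Return (ip, path) for requests hunting for Adminer/phpMyAdmin, whatever the status code:
    a 404 today still tells you who is looking, and a 200 tells you what they found."""
    return [(e["ip"], e["path"]) for e in entries if PROBE_RE.search(e["path"])]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("login bursts:", login_bursts(log))
    print("admin tool probes:", admin_tool_probes(log))
```

A 74-entry password list fits comfortably inside the default window, which is why the threshold is set well below it; tune it to your site's real login rate, and feed the flagged addresses to whatever blocks at the edge. The probe check ignores the status code on purpose: if the tool is actually present, the same address will return a moment later with POSTs to it.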

The Balada Injector campaign also exfiltrates sensitive files, such as configuration files, access logs, backup archives, and other critical data.

The operation combines several attack methods: exploiting known flaws, brute-forcing weak credentials, and injecting code through multiple channels. Security researchers advise site owners to take a layered approach to defence and to practise basic hygiene.

That means strong password policies, prompt patching of WordPress core, themes and plugins, and regular audits of exposed domains and infrastructure, including any database administration tools left reachable from the internet.
