Subj : One of the most worrying WordPress malware threats is making a co To : All From : TechnologyDaily Date : Sat Aug 12 2023 08:15:03 One of the most worrying WordPress malware threats is making a comeback Date: Sat, 12 Aug 2023 06:52:08 +0000 Description: Balada Injector is back, compromising WordPress websites across the internet with malicious code. FULL STORY ====================================================================== The Balada Injector malware is alive and kicking, and compromising poorly protected WordPress websites across the internet, as well as using them to target visitors, new research has claimed. A report from researchers at Cybernews claims to have found a compromised WordPress website during a routine web monitoring operation. The compromised website was apparently targeted by the Balada Injector malware - a Linux-based backdoor used to infiltrate websites through common or otherwise known vulnerabilities in WordPress plugins, themes, and similar vulnerabilities. The Balada Injector is known for attacking in waves - every month or so, the injector would use a new domain name, and a new code, which it would try to add to the WordPress sites code. Waves of attacks This particular site has had seven different instances of malicious code added and stacked on top of one another. That means that the website suffered seven waves of hacking attacks. This code, which was added to the very top of the page and would run before the website loaded, was meant to grant the attackers remote access to infected machines and redirect visitors to different websites with malvertising campaigns running. Read more > WordPress plugin exposes half a million sites to attack > How to build a website for free: A guide to creating a site on a budget > Check out the best firewalls out there When the researchers deobfuscated and examined some of the PHP payloads found on the compromised website, they discovered URLs of newly spawned Command & Control (C2) endpoints, and subsequent obfuscated JavaScript files, used in the operation scheme. A total of five URLs were found being accessed to load malicious JavaScript onto exploited websites, the researchers said. The good news for potential victims is that the Balada Injector still isnt as advanced as it could be. It doesnt check if compromised websites have had malicious code added before, and because of that, instead of serving the landing page, the website forced the download of a PHP file, which raised red flags with the researchers and, at the end of the day, helped discover the hacking campaign. These are the best website builders right now ====================================================================== Link to news story: https://www.techradar.com/pro/one-of-the-most-worrying-wordpress-malware-threa ts-is-making-a-comeback --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .