Balada Injector Malware Targets Vulnerable WordPress Sites


August 12, 2023
Nextdoorsec-course

The Balada Injector malware campaign is still active, compromising poorly secured WordPress sites worldwide and, through them, their visitors, according to recent findings.

During routine web monitoring, the Cybernews team came across a WordPress site compromised by Balada Injector, a Linux-based backdoor. The malware gains its foothold by exploiting known vulnerabilities in WordPress plugins, themes and similar weak points. A defining trait of the campaign is its wave-like cadence: roughly every month it switches to a fresh domain and a new variant of its injection code, which it then tries to write into the site's own files.


Malware Targets Vulnerable WordPress Sites

The site in question carried seven distinct malicious code insertions stacked on top of one another; in effect, it had been compromised in seven successive waves. Each injection was placed at the top of the file so that it runs before the site's own code, and it served two purposes: giving the attackers remote access to the compromised system, and redirecting visitors to third-party pages running malvertising schemes.

Digging further into the PHP payloads embedded in the site, the researchers found links to newly established command-and-control (C2) servers, along with the obfuscated JavaScript files used in the attack chain. In total they identified five URLs responsible for loading malicious JavaScript onto hijacked sites.

There is a silver lining for potential targets: the injector is not flawless. It does not check whether a site has already been infected, so each new wave simply piles its code on top of the previous ones. On this site the result was that, instead of displaying the intended landing page, the server triggered an unintended PHP file download. That anomaly is what caught the Cybernews team's attention and ultimately led them to unravel the whole operation.
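The two behaviours described above, injections prepended to the top of a file so they execute first, and a malware that never checks for an earlier infection and therefore stacks wave upon wave, suggest a simple triage check for an incident responder. The following Python script is an added example written for this article; it is not code from Cybernews, Sucuri or the Balada campaign itself. It walks the PHP blocks at the head of each file and counts how many suspicious loader blocks sit above the first clean-looking code. The marker patterns are generic obfuscation heuristics assumed for illustration (not Balada signatures), and the demo site, file names and base64-looking payloads are constructed inline so the script runs offline.

```python
import re
import tempfile
from pathlib import Path

# Generic markers of obfuscated PHP loaders. These are illustrative heuristics
# assumed for this example, not Balada Injector signatures.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "gzinflate": re.compile(r"\bgzinflate\s*\("),
    "str_rot13": re.compile(r"\bstr_rot13\s*\("),
    # A long base64-looking string literal is a common carrier for the real payload.
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/]{60,}={0,2}['\"]"),
}

# One PHP block: from '<?php' to the next '?>' (or end of text). This example
# assumes stacked injections each prepend a self-contained block of this form
# above the site's original code.
PHP_BLOCK = re.compile(r"<\?php\b(.*?)(?:\?>|\Z)", re.DOTALL)


def head_injections(source, head_bytes=4096):
    """Return the suspicious PHP blocks stacked at the top of a file, in order.

    Blocks are walked from the top; the first block with no suspicious marker
    is treated as the start of the legitimate code and scanning stops there.
    Each hit records its byte offset, the markers that fired and a snippet.
    """
    found = []
    for m in PHP_BLOCK.finditer(source[:head_bytes]):
        body = m.group(1)
        markers = [name for name, rx in SUSPICIOUS.items() if rx.search(body)]
        if not markers:
            break
        found.append({
            "offset": m.start(),
            "markers": markers,
            "snippet": " ".join(body.split())[:60],
        })
    return found


def scan_tree(root, head_bytes=4096):
    """Map every .php file under root to its list of head injections ([] = clean)."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        report[path.relative_to(root).as_posix()] = head_injections(text, head_bytes)
    return report


def build_demo_site():
    """Write a constructed mini site to a temp dir: one clean file and one
    file carrying three stacked loaders. Payloads are filler text, not malware."""
    root = Path(tempfile.mkdtemp(prefix="wp-demo-"))
    (root / "wp-includes").mkdir()
    clean = "<?php\n// legitimate code\nfunction hello() { return 'hi'; }\n"
    (root / "wp-includes" / "clean.php").write_text(clean, encoding="utf-8")

    filler = "QUJD" * 25  # 100 chars that merely look like base64
    wave1 = "<?php eval(base64_decode('%s')); ?>\n" % filler
    wave2 = "<?php @eval(gzinflate(base64_decode('%s'))); ?>\n" % filler
    wave3 = "<?php $f = str_rot13('riny'); $f('return 1;'); ?>\n"  # 'riny' rot13 -> 'eval'
    # The newest wave sits on top because each one prepends itself without
    # checking for earlier infections, which is the stacking the article describes.
    (root / "index.php").write_text(wave3 + wave2 + wave1 + clean, encoding="utf-8")
    return root


if __name__ == "__main__":
    site = build_demo_site()
    for name, hits in scan_tree(site).items():
        print(f"{name}: {len(hits)} stacked injection(s)")
        for h in hits:
            print(f"  @{h['offset']:>5} {','.join(h['markers'])}: {h['snippet']}")
```

Run it against a real document root (`scan_tree("/var/www/html")`) to get a per-file count; a file with several stacked hits is strong evidence of repeated compromise rather than a single incident, and the offsets tell you where the original code resumes so the injected head can be cut away and the file diffed against a clean copy of the plugin or theme.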

Saher Mahmood

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.
