Balada Injector A Large-Scale Malware Campaign Targeting WordPress

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

In September 2023, over 17,000 WordPress websites fell victim to a malware called Balada Injector. The substantial surge in attacks is linked to the exploitation of a recently disclosed security vulnerability found in the tagDiv Composer plugin (CVE-2023-3169). This specific vulnerability allows unauthenticated users to execute stored cross-site scripting (XSS) attacks on vulnerable websites.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.