Ongoing APT exploitation campaign since 2017
Balada Injector campaign
Since 2017, the “Balada Injector campaign” continuously ranked in the top three source of infections, according to Sucuri. Active since 2017, yet it seems nobody bothered to intervene. Not even them, just mentioning it on April 6, 2023: Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign.
The campaign initiates fresh waves of attacks every few weeks, using newly registered domains and variations of previously-used malware. We mentioned this type of instant direct attack in our post published in 2017/08/03 – Identified as New WP under 30 min.
The most recent wave of attacks were observed recently, when the campaign exploited a high-severity vulnerability in Elementor page builder. The news is really downplayed, as everywhere, where its reported ONLY 1 MILLION WP sites were infected. Yet, simply Elementor has a 8% market share as today from the WP ecosystem. Their Elementor Pro version, is used by 11 million websites.
Hire professionals to manage your WordPress & WooCommerce from an infrastructure provider located in your country BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your future budget.
