New Balada Injector campaign infects 6,700 WordPress sites
Websites leverage WordPress pop-up plugins to promote special deals, exclusive discounts, or time-sensitive offers, driving sales or expanding their subscriber base.
If you operate a WordPress site, chances are you’ve developed a lasting friendship with this daily ally.
There are many WP pop-up plugins out there, each using a different approach to target and re-target potential subscribers.
On the whole, pop-ups receive a positive rating, as long as they are kept updated and secured.
Balada Injector Campaign
In a recent targeted campaign initiated in mid-December, over 6,700 WordPress websites employing an outdated version of the Popup Builder plugin have fallen victim to the Balada Injector malware.
Researchers at Dr. Web identified a large-scale attack exploiting known vulnerabilities in WordPress themes and plugins. They attributed it to Balada Injector, an operation active since 2017 that has compromised over 17,000 WordPress sites.
The attacks involve adding a backdoor that sends visitors to fake support pages, lottery sites, and push notification scams.
The new Balada Injector campaign started on December 13, 2023, just two days after WPScan disclosed CVE-2023-6000, a cross-site scripting (XSS) vulnerability affecting Popup Builder versions 4.2.3 and older.
The concern is that over 200,000 websites reportedly use Popup Builder for marketing and re-marketing purposes.
Sucuri, a website security company, found that the Balada Injector swiftly took advantage of a vulnerability in Popup Builder.
First, the attack exploited the plugin’s “sgpbWillOpen” event, storing malicious JavaScript in the site’s database so that it executed whenever the popup was triggered.
Attackers later switched to an alternate method, modifying the “wp-blog-header.php” file to insert the same malicious JavaScript backdoor.
They then checked for admin-related cookies before loading further scripts, and disguised the main backdoor as a plugin file named ‘wp-felody.php.’
Researchers found that once a website is breached, the infection process doesn’t stop.
Currently, 6,700 websites have been compromised in the Balada Injector campaign. To protect your WordPress site from Balada Injector attacks, make sure to update your themes and plugins to the latest versions.
Also, keep the number of active plugins as low as possible to reduce the risk of automated attacks.
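The three indicators described above (an outdated Popup Builder install, an injected loader in wp-blog-header.php, and a plugin file named wp-felody.php) can be checked with a short triage script. The script below is an added example, not code from the article or from Sucuri or Dr. Web; the fake WordPress tree it builds, the plugin file layout it assumes (wp-content/plugins/popup-builder/popup-builder.php) and the injection patterns it looks for are all constructed for the demonstration, and a real scan would rely on a vendor-maintained signature set rather than these few regexes.

```python
"""Triage checks for the Balada Injector / Popup Builder indicators.

Added example (not the article's or any vendor's code). The plugin path,
signatures and sample site are assumptions constructed for the demo.
"""
import re
import tempfile
from pathlib import Path

# Popup Builder 4.2.3 and older are affected by CVE-2023-6000.
MAX_VULNERABLE_VERSION = (4, 2, 3)

# Constructed indicator patterns; labels are returned in findings.
INJECTION_PATTERNS = [
    ("inline-script-tag", re.compile(r"<script[^>]*>", re.IGNORECASE)),
    ("eval-base64-loader", re.compile(r"eval\s*\(\s*base64_decode", re.IGNORECASE)),
    ("sgpbWillOpen-hook", re.compile(r"sgpbWillOpen")),
]
SUSPICIOUS_PLUGIN_FILES = {"wp-felody.php"}  # disguised backdoor name from the article


def parse_version(header_text: str):
    """Extract the 'Version:' field of a WordPress plugin header as a tuple of ints."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).rstrip(".").split("."))


def popup_builder_is_vulnerable(wp_root: Path) -> bool:
    """True if Popup Builder is installed at version 4.2.3 or older."""
    main_file = wp_root / "wp-content" / "plugins" / "popup-builder" / "popup-builder.php"
    if not main_file.is_file():
        return False
    version = parse_version(main_file.read_text(errors="replace"))
    return version is not None and version <= MAX_VULNERABLE_VERSION


def find_injected_code(path: Path):
    """Return the labels of indicator patterns found in a file."""
    if not path.is_file():
        return []
    text = path.read_text(errors="replace")
    return [label for label, pattern in INJECTION_PATTERNS if pattern.search(text)]


def find_suspicious_plugin_files(wp_root: Path):
    """List files under wp-content/plugins whose name matches a known backdoor name."""
    plugins_dir = wp_root / "wp-content" / "plugins"
    if not plugins_dir.is_dir():
        return []
    return sorted(p.relative_to(wp_root).as_posix() for p in plugins_dir.rglob("*")
                  if p.is_file() and p.name in SUSPICIOUS_PLUGIN_FILES)


def triage(wp_root: Path) -> dict:
    """Run all three checks against a WordPress root and return the findings."""
    return {
        "popup_builder_vulnerable": popup_builder_is_vulnerable(wp_root),
        "wp_blog_header_injections": find_injected_code(wp_root / "wp-blog-header.php"),
        "suspicious_plugin_files": find_suspicious_plugin_files(wp_root),
    }


def build_sample_site(root: Path, infected: bool) -> Path:
    """Construct a minimal fake WordPress tree for the demo (not real WordPress files)."""
    plugin_dir = root / "wp-content" / "plugins" / "popup-builder"
    plugin_dir.mkdir(parents=True)
    version = "4.2.3" if infected else "4.2.4"
    (plugin_dir / "popup-builder.php").write_text(
        f"<?php\n/*\nPlugin Name: Popup Builder\nVersion: {version}\n*/\n")
    header = "<?php\nrequire_once __DIR__ . '/wp-load.php';\n"
    if infected:
        # Constructed marker standing in for an injected loader; not real malware.
        header = "<?php\n/* CONSTRUCTED */ eval(base64_decode('AAAA'));\n" + header
        (root / "wp-content" / "plugins" / "wp-felody.php").write_text("<?php // constructed\n")
    (root / "wp-blog-header.php").write_text(header)
    return root


def demo_results():
    """Triage a constructed clean site and a constructed infected site."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = build_sample_site(Path(tmp) / "clean", infected=False)
        infected = build_sample_site(Path(tmp) / "infected", infected=True)
        return triage(clean), triage(infected)


if __name__ == "__main__":
    clean_findings, infected_findings = demo_results()
    print("clean:", clean_findings)
    print("infected:", infected_findings)
```

Point triage() at a real install root to run the checks against it; a positive on the version check alone means the plugin should be updated past 4.2.3, while any hit on wp-blog-header.php or a wp-felody.php file warrants a full compromise assessment rather than just an update, since the article notes the infection process continues once a site is breached.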