"Balada Injector Still at Large – New Domains Discovered"

Cybernews researchers found an address that shed light on WordPress-oriented "hack waves" caused by the Balada Injector malware. Evidence indicates that the malware is still highly active, evading security software by using new domain names and making small changes between surges of obfuscated attacks. The Balada Injector malware family has been active since 2017, using multiple attack vectors and persistence mechanisms. Cybernews observed what was likely the outcome of seven automated attack waves against a vulnerable WordPress website. Each wave added a block of malicious PHP code directly into the index file of the compromised website, so that the malicious scripts executed whenever the site was visited. However, the automated attack waves could not determine whether a website had been compromised previously. This article continues to discuss findings regarding the hack waves caused by the Balada Injector malware.

Cybernews reports "Balada Injector Still at Large – New Domains Discovered"
