According to The Hacker News, as many as 9,000 websites have been compromised through a recently disclosed security vulnerability in the tagDiv Composer plugin for WordPress. The flaw allows attackers to inject malicious code into a site's web application source without authentication.
Security researchers at Sucuri say this isn't the first time the Balada Injector group has targeted vulnerabilities in tagDiv themes. A large-scale malware infection occurred in the summer of 2017, when two popular WordPress themes, Newspaper and Newsmag, were actively exploited by hackers.
Balada Injector is a large-scale operation first detected by Doctor Web in December 2022, in which the group exploited multiple vulnerabilities in WordPress plugins to deploy backdoors on compromised systems.
Many hacker groups are trying to infect WordPress websites with malware.
The primary purpose of these activities is to redirect users accessing compromised websites to technical support pages, fake lottery results, and fraudulent notifications. Over 1 million websites have been affected by Balada Injector since 2017.
Major activities involved exploiting the CVE-2023-3169 vulnerability to inject malicious code and establish access to websites by installing backdoors, adding malicious plugins, and creating administrators to control the site.
Sucuri describes this as a sophisticated type of automated attack that mimics the process of installing plugins from ZIP archives and activating them. The waves of attacks observed in late September 2023 used random code injection to download and launch malware from remote servers to install the wp-zexit plugin on targeted WordPress websites.
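A defender-side triage check for the indicators the report names (an unexpected `wp-zexit` plugin directory and recently modified plugin files), added here as an example rather than taken from Sucuri or The Hacker News. The `td-composer` slug, the 7-day window and the sample file tree are assumptions constructed for a self-contained run.

```python
"""Triage helper for a WordPress install: flag the wp-zexit plugin reported in
the Balada Injector campaign and any plugin file changed in the last N days.
Hypothetical helper; wp-zexit comes from the report, the layout is standard
WordPress, everything else is a constructed assumption."""
import os
import tempfile
import time
from pathlib import Path

SUSPECT_PLUGINS = {"wp-zexit"}  # plugin slug named in the Sucuri write-up


def find_indicators(wp_root, max_age_days=7):
    """Return sorted (kind, relative_path) findings under wp_root.

    'suspect-plugin': a plugins/ subdirectory whose slug is in SUSPECT_PLUGINS.
    'recent-change' : a plugin file modified within the last max_age_days."""
    findings = []
    cutoff = time.time() - max_age_days * 86400
    plugins = Path(wp_root) / "wp-content" / "plugins"
    if not plugins.is_dir():
        return findings
    for entry in plugins.iterdir():
        if entry.is_dir() and entry.name in SUSPECT_PLUGINS:
            findings.append(("suspect-plugin", entry.relative_to(wp_root).as_posix()))
        files = entry.rglob("*") if entry.is_dir() else [entry]
        for f in files:
            if f.is_file() and f.stat().st_mtime > cutoff:
                findings.append(("recent-change", f.relative_to(wp_root).as_posix()))
    return sorted(findings)


def build_sample_site():
    """Constructed sample install: tagDiv Composer (assumed slug td-composer)
    with one freshly modified file, an untouched benign plugin, and a wp-zexit
    drop. Returns the temporary root directory."""
    root = Path(tempfile.mkdtemp())
    plugins = root / "wp-content" / "plugins"
    old, now = time.time() - 90 * 86400, time.time()
    for slug, fname, mtime in [
        ("td-composer", "td-composer.php", old),
        ("td-composer", "legacy/td_old.php", now),  # simulated injected change
        ("akismet", "akismet.php", old),
        ("wp-zexit", "wp-zexit.php", now),
    ]:
        p = plugins / slug / fname
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed sample file\n")
        os.utime(p, (mtime, mtime))  # pin the modification time
    return root


if __name__ == "__main__":
    for kind, path in find_indicators(build_sample_site()):
        print(f"{kind:15} {path}")
```

On a real site the same function is pointed at the WordPress root; a `recent-change` hit inside a plugin you did not update is the file to diff against a clean copy from the plugin repository.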