According to a study conducted by Sucuri, the campaign, which it named “Balada Injector,” is prolific and Methuselah-like in its endurance, infecting victim sites with malware at least since 2017. After being injected into the page, the malicious code leads users to a variety of scam websites, such as those offering fake tech support, bogus lottery wins, and push notifications requesting Captcha solutions.
However, behind the scenes, injected scripts look for numerous files, including access logs, error logs, debug information files, database management tools, administrator credentials, and more, that might include any sensitive or potentially helpful information. In addition, backdoors are loaded into the websites for enduring access and, occasionally, site takeover.
While the 1 million statistic represents the total number of sites that have been infected over the past five years, researchers only recently linked all the activities into a single operation. The campaign is still going strong and does not appear to be slowing down.
A Focus on WordPress Plug-in & Theme Vulnerabilities
Sucuri researchers were able to link all of the observed activity to the Balada Injec
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: