Massive Balada Injector Campaign Compromises Over 17,000 Websites

Notorious Balada Injector campaign has been linked to the compromise of over 17,000 WordPress websites. Balada Injector, discovered in 2022 but believed to have been operational since 2017, weaponizes vulnerabilities in premium WordPress themes and plugins to implant malicious backdoors. Upon infiltration, these backdoors divert website visitors to counterfeit tech support pages, fake lottery wins, push notification hoaxes and other scams. With such a range of deceptive tactics, experts postul