{"id":408,"date":"2023-04-11T09:52:33","date_gmt":"2023-04-11T09:52:33","guid":{"rendered":"https:\/\/certerassl.com\/blog\/?p=408"},"modified":"2023-04-20T08:23:39","modified_gmt":"2023-04-20T08:23:39","slug":"balada-malware-infects-million-wordpress-websites","status":"publish","type":"post","link":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/","title":{"rendered":"Massive Balada Malware Infects over a Million WordPress Websites"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Balada Malware Injector Campaign: Over 1 million WordPress sites Infected<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Over the previous six years, an estimated one million WordPress websites have been infected in a sweeping, long-running malicious campaign named &#8220;Balada Injector&#8221; by researchers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to Sucuri, a website security firm that works as a separate business division within GoDaddy, the ongoing effort exploits&nbsp;&#8220;all known,&nbsp;recently identified theme and plugin weaknesses&#8221; to insert a Linux backdoor on WordPress sites.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This strategy allowed for varying levels of access, and most times, the exploited vulnerabilities&nbsp;enabled an attacker to extract essential and sensitive information&nbsp;from the hacked websites.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to Denis Sinegubko, a senior malware researcher at GoDaddy, &#8220;This campaign is easily identified by its preference for&nbsp;<strong>String.fromCharCode<\/strong>&nbsp;obfuscation, the use of freshly registered domain names hosting malicious scripts on random subdomains, and redirects to various scam sites including&nbsp;fake tech support, fraudulent lottery wins, and more recently,&nbsp;push notification scams,&nbsp;displaying bogus captcha pages asking users to <strong>&#8220;Please Allow to verify, that you are not a robot.&#8221;<\/strong>&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Under the&nbsp;pretense of human verification, the above-mentioned malicious websites\/messages\/mails solicit visitors to allow site notifications by deceiving them into clicking to agree on the notification permission. Once notification rights are given, threat actors can bombard victims with advertisements.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Since 2017, this malicious campaign has consistently been ranked in the top three infections detected and cleaned from afflicted sites by Sucuri.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Every few weeks, this malicious campaign launches new attacks, leveraging newly registered domains and variants of previously used malware. The most recent round of attacks occurred only a few days ago when the campaign targeted a critical vulnerability in WordPress&#8217;s Elementor Pro, a plugin used by 11 million websites.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Extent and Complexity of the Harmful Activity<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Sucuri&nbsp;external website scanner SiteCheck identified this virus over 141,000 times in 2022 alone, with over 67% of websites with restricted resources running scripts from known Balada Injector domains. The researchers&nbsp;said&nbsp;they now&nbsp;have over 100 signatures covering both front-end and back-end malware variants injected into server files and WordPress databases.<\/p>\n\n\n<div class=\"wp-block-image is-style-default\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/typical-balada-injection-sucuri.png\" alt=\"Typical Balada injection (Sucuri)\" class=\"wp-image-411\" width=\"621\" height=\"710\" title=\"Typical Balada injection (Sucuri)\" srcset=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/typical-balada-injection-sucuri.png 828w, https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/typical-balada-injection-sucuri-262x300.png 262w, https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/typical-balada-injection-sucuri-768x878.png 768w\" sizes=\"(max-width: 621px) 100vw, 621px\" \/><figcaption class=\"wp-element-caption\"><strong>Typical Balada injection<\/strong>&nbsp;<em>(Sucuri)<\/em><\/figcaption><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Sucuri has observed site hacks, database injections,&nbsp;HTML injections, and arbitrary file injections.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Due to numerous attack routes, duplicate site infections have occurred, with subsequent&nbsp;surges targeting previously compromised sites. Sucuri cites a scenario in which a website was attacked 311 times with 11 different variants of Balada.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sinegubko stated, &#8220;The entire time, Balada Injector has been rapidly adding newly disclosed vulnerabilities (and sometimes undisclosed 0-days), occasionally launching massive waves of infections within a few hours of vulnerability disclosure.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&#8220;Older vulnerabilities were not immediately discarded after initial rounds of infections, and a few of them remained in usage for an extended time after patches were released.&#8221;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Activity after Infection<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Balada&#8217;s scripts intend to steal sensitive data like database passwords from wp-config.php files, so even if the site owner removes the infection and updates their add-ons, the malicious actor maintains accessibility.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The campaign also looks for backup archives and databases, debug information,&nbsp;access logs, and confidential data files. According to Sucuri, the threat actor routinely updates the targeted file list.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Furthermore, the spyware looks for database management tools such as&nbsp;phpMyAdmin and&nbsp;Adminer.&nbsp;If these tools are susceptible or incorrectly configured, they can create new admin accounts&nbsp;or insert&nbsp;chronic malware into the database.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If these direct breach paths are not accessible, the hackers turn to brute-forcing the admin password by attempting 74 different credentials. The infection generated fraudulent WordPress admin accounts, stole data from underlying servers, and left backdoors for continuing access.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Other Vulnerabilities Found on WordPress<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/certera.com\/blog\/elementor-pro-vulnerability-hackers-exploited-bug\">WordPress Plugin Elementor Pro recently found a Vulnerable<\/a> and Hackers Exploited Bug that endangered millions of sites. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">WordPress security company Patch Stack warns that a critical vulnerability in the Elementor Pro plugin is being used to hijack WordPress websites. According to the security company, The vulnerability allows an attacker to enable a website&#8217;s registration page and set the default user role to an administrator. The attacker can then establish a new user account with administrator credentials, allowing them to redirect the site to a malicious domain or insert malicious code, such as a backdoor plugin.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Malicious attacks targeting this vulnerability have been spotted from different IP addresses, with attackers inserting malicious.zip and.php files.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The issue, which has a CVSS score of 8.8 but no CVE identity, was fixed on March 22 with the release of Elementor Pro version 3.11.7, which &#8216;enhanced code security enforcement in WooCommerce components&#8217;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Balada Malware Injector Campaign: Over 1 million WordPress sites Infected Over the previous six years, an estimated one million WordPress websites have been infected in a sweeping, long-running malicious campaign named &#8220;Balada Injector&#8221; by researchers. According to Sucuri, a website security firm that works as a separate business division within GoDaddy, the ongoing effort exploits&nbsp;&#8220;all<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":410,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[29,33],"class_list":["post-408","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability","tag-cyberattack","tag-vulnerability","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Balada Malware Injector Infects Millions of WordPress Websites<\/title>\n<meta name=\"description\" content=\"The Massive Balada malware has infected more than a million WordPress websites, causing significant concern in the cybersecurity community.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Balada Malware Injector Infects Millions of WordPress Websites\" \/>\n<meta property=\"og:description\" content=\"The Massive Balada malware has infected more than a million WordPress websites, causing significant concern in the cybersecurity community.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/\" \/>\n<meta property=\"og:site_name\" content=\"EncryptedFence by Certera - Web &amp; Cyber Security Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-11T09:52:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-20T08:23:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/wordpress-malware-scaled.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1707\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Janki Mehta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Janki Mehta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/\"},\"author\":{\"name\":\"Janki Mehta\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\"},\"headline\":\"Massive Balada Malware Infects over a Million WordPress Websites\",\"datePublished\":\"2023-04-11T09:52:33+00:00\",\"dateModified\":\"2023-04-20T08:23:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/\"},\"wordCount\":766,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/wordpress-malware-scaled.webp\",\"keywords\":[\"cyberattack\",\"vulnerability\"],\"articleSection\":[\"Vulnerability\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#respond\"]}],\"copyrightYear\":\"2023\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/\",\"name\":\"Balada Malware Injector Infects Millions of WordPress Websites\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/wordpress-malware-scaled.webp\",\"datePublished\":\"2023-04-11T09:52:33+00:00\",\"dateModified\":\"2023-04-20T08:23:39+00:00\",\"description\":\"The Massive Balada malware has infected more than a million WordPress websites, causing significant concern in the cybersecurity community.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/wordpress-malware-scaled.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/wordpress-malware-scaled.webp\",\"width\":2560,\"height\":1707,\"caption\":\"Balada Malware - WordPress\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/balada-malware-infects-million-wordpress-websites\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Massive Balada Malware Infects over a Million WordPress Websites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"name\":\"EncryptedFence by Certera - Web & Cyber Security Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\"},\"alternateName\":\"Certera's EncryptedFence Blog\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/logo-encryptedfence.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/blog\\\/#\\\/schema\\\/person\\\/e5a476aa90d9e02260ebfe4b0bf046b7\",\"name\":\"Janki Mehta\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g\",\"caption\":\"Janki Mehta\"},\"description\":\"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\\\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.\",\"sameAs\":[\"https:\\\/\\\/certerassl.com\\\/\"],\"url\":\"https:\\\/\\\/certera.com\\\/blog\\\/author\\\/certerabguser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Balada Malware Injector Infects Millions of WordPress Websites","description":"The Massive Balada malware has infected more than a million WordPress websites, causing significant concern in the cybersecurity community.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/","og_locale":"en_US","og_type":"article","og_title":"Balada Malware Injector Infects Millions of WordPress Websites","og_description":"The Massive Balada malware has infected more than a million WordPress websites, causing significant concern in the cybersecurity community.","og_url":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/","og_site_name":"EncryptedFence by Certera - Web &amp; Cyber Security Blog","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2023-04-11T09:52:33+00:00","article_modified_time":"2023-04-20T08:23:39+00:00","og_image":[{"width":2560,"height":1707,"url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/wordpress-malware-scaled.webp","type":"image\/jpeg"}],"author":"Janki Mehta","twitter_card":"summary_large_image","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"Janki Mehta","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#article","isPartOf":{"@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/"},"author":{"name":"Janki Mehta","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7"},"headline":"Massive Balada Malware Infects over a Million WordPress Websites","datePublished":"2023-04-11T09:52:33+00:00","dateModified":"2023-04-20T08:23:39+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/"},"wordCount":766,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"image":{"@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/wordpress-malware-scaled.webp","keywords":["cyberattack","vulnerability"],"articleSection":["Vulnerability"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#respond"]}],"copyrightYear":"2023","copyrightHolder":{"@id":"https:\/\/certera.com\/blog\/#organization"}},{"@type":"WebPage","@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/","url":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/","name":"Balada Malware Injector Infects Millions of WordPress Websites","isPartOf":{"@id":"https:\/\/certera.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/wordpress-malware-scaled.webp","datePublished":"2023-04-11T09:52:33+00:00","dateModified":"2023-04-20T08:23:39+00:00","description":"The Massive Balada malware has infected more than a million WordPress websites, causing significant concern in the cybersecurity community.","breadcrumb":{"@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#primaryimage","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/wordpress-malware-scaled.webp","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/04\/wordpress-malware-scaled.webp","width":2560,"height":1707,"caption":"Balada Malware - WordPress"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/blog\/balada-malware-infects-million-wordpress-websites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Massive Balada Malware Infects over a Million WordPress Websites"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/blog\/#website","url":"https:\/\/certera.com\/blog\/","name":"EncryptedFence by Certera - Web & Cyber Security Blog","description":"","publisher":{"@id":"https:\/\/certera.com\/blog\/#organization"},"alternateName":"Certera's EncryptedFence Blog","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/blog\/#organization","name":"Certera","url":"https:\/\/certera.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","contentUrl":"https:\/\/certera.com\/blog\/wp-content\/uploads\/2023\/08\/logo-encryptedfence.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/blog\/#\/schema\/person\/e5a476aa90d9e02260ebfe4b0bf046b7","name":"Janki Mehta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=https%3A%2F%2Fcertera.com%2Fblog%2Fwp-content%2Fuploads%2F2023%2F02%2Fhttps-vs-sftp-jpg.webp&r=g","caption":"Janki Mehta"},"description":"Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web\/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.","sameAs":["https:\/\/certerassl.com\/"],"url":"https:\/\/certera.com\/blog\/author\/certerabguser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/comments?post=408"}],"version-history":[{"count":17,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/408\/revisions"}],"predecessor-version":[{"id":540,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/posts\/408\/revisions\/540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media\/410"}],"wp:attachment":[{"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/media?parent=408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/categories?post=408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/blog\/wp-json\/wp\/v2\/tags?post=408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}