Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017.
The massive campaign, per GoDaddy’s Sucuri, “leverages all known and recently discovered theme and plugin vulnerabilities” to breach WordPress sites. The attacks are known to play out in waves once every few weeks.
“This campaign is easily identified