Web security firm Sucuri warned that the Balada Injector threat group recently exploited WordPress plugins associated with the Newspaper and Newsmag themes. Users have purchased the premium WordPress themes over 140,000 times.

A Vietnamese researcher in the TagDiv Composer plugin discovered the CVE-2023-3169 vulnerability in mid-September, and attacks exploiting the bug began shortly after. The Balada Injector campaign has infected over one million WordPress sites since 2017 and typically redirects site visitors to fake tech support and scam pages. The attackers also establish persistent access to targeted sites by uploading backdoors, adding malicious plugins, and creating additional admin accounts. Sucuri posted indicators of compromise and additional security recommendations on their blog.

Read More: