Anomali Cyber Watch: Clipboard-injectors, Infostealers, Malvertising, Pay-per-install, Supply chain, and Vulnerabilities
Anomali Cyber Watch: Balada Injector Exploits WordPress Elementor Pro, Icon 3CX Stealer Detected by YARA, Koi Loader-Stealer Compresses-then-Encrypts Memory Streams, and More.



The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: Clipboard-injectors, Infostealers, Malvertising, Pay-per-install, Supply chain, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.

Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.




Trending Cyber News and Threat Intelligence



High Severity Vulnerability in WordPress Elementor Pro Patched



(published: March 31, 2023)



The Balada Injector campaign has been targeting vulnerable website plugins and themes since at least 2017. Its newest targets are WordPress WooCommerce websites running the popular website builder plugin Elementor Pro with a broken access control vulnerability. This high severity (CVSS v3.1: 8.8, High) vulnerability received a security patch on March 22nd, 2023, so Balada Injector targets websites that have not yet been patched. The attackers create a new administrator user and insert a script that sends visitors through a multi-hop redirect for the purpose of spam, scams, or installing adware.

Analyst Comment: Website administrators should update immediately if they have Elementor Pro version 3.11.6 or below installed. Employ server-side scanning to detect unauthorized malicious content. All known indicators associated with the Balada Injector campaign are available in the Anomali platform and customers are advised to block these on their infrastructure.

MITRE ATT&CK: [MITRE ATT&CK] T1587.004 - D ..
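Two checks a site administrator can run against the story above: whether the installed Elementor Pro is at or below 3.11.6 (the last unpatched version named in the analyst comment), and whether any administrator accounts were registered after the March 22, 2023 patch date, which is the post-exploitation artifact the story describes. This is an added example, not Anomali's or Elementor's code; the plugin header text and the user rows are constructed and stand in for a real elementor-pro.php header and exported wp_users / wp_usermeta rows.

```python
import re
from datetime import datetime

# Elementor Pro 3.11.6 and below lack the March 22, 2023 patch (per the advisory above).
LAST_VULNERABLE = (3, 11, 6)

def parse_version(text):
    """Turn '3.11.6' (or '3.12') into a comparable tuple, padded to three parts."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def elementor_pro_needs_patch(plugin_header):
    """Read the 'Version:' line of the plugin header and compare with 3.11.6."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", plugin_header, re.MULTILINE)
    if not m:
        raise ValueError("no Version: line in plugin header")
    return parse_version(m.group(1)) <= LAST_VULNERABLE

def suspicious_admins(users, capabilities, since):
    """Return logins that hold the administrator capability and were registered
    on or after `since` (YYYY-MM-DD). `users` mimics wp_users rows; `capabilities`
    maps login -> the PHP-serialized wp_capabilities meta value."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    hits = []
    for u in users:
        caps = capabilities.get(u["user_login"], "")
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if 's:13:"administrator";b:1;' in caps and registered >= cutoff:
            hits.append(u["user_login"])
    return hits

# Constructed sample data (hypothetical site, not real indicators).
PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Elementor Pro
 * Version: 3.11.6
 */
"""
USERS = [
    {"user_login": "siteowner", "user_registered": "2021-05-02 09:12:00"},
    {"user_login": "wp-maint", "user_registered": "2023-03-25 03:41:17"},
    {"user_login": "editor1", "user_registered": "2023-03-26 10:00:00"},
]
CAPS = {
    "siteowner": 'a:1:{s:13:"administrator";b:1;}',
    "wp-maint": 'a:1:{s:13:"administrator";b:1;}',
    "editor1": 'a:1:{s:6:"editor";b:1;}',
}

if __name__ == "__main__":
    print("Elementor Pro needs patch:", elementor_pro_needs_patch(PLUGIN_HEADER))
    print("Admins created since patch date:", suspicious_admins(USERS, CAPS, "2023-03-22"))
```

An unexpected admin from this list is a lead to investigate, not proof of compromise on its own; pair it with the server-side content scan the analyst comment recommends.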
