A group of experts noted a rapid evolution in Balada Injector’s infrastructure and attack methods, which resulted in a significant number of compromised WordPress sites. Balada malware injection attacks have been found exploiting a vulnerable tagDiv premium theme plugin to target Newspaper and Newsmag websites. It is recommended to remove all unwanted admin users and redundant plugins to stay safe.