WordPress is no stranger to cyberattacks, and has now suffered another exploit, through which over one million sites have been infected. This malicious campaign has taken place using a kind of malware known as Balada Injector. But how does this malware work, and how did it manage to infect over a million WordPress sites?