The campaign exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that can obtain critical information on the compromised websites.
Article Link: Ongoing Balada Injector campaign has infected one million WordPress sites since 2017 | SC Media