The BabaYaga malware infects websites that use WordPress, one of the most popular content management systems. Although the malware has existed for quite some time, it was recently highlighted again because WordPress site infections have continued to be a major problem, with compromised sites hosting malware that is delivered to targeted victims through links in phishing messages. BabaYaga, named for a mythical Russian character, has more advanced capabilities than most other malware that targets WordPress. After it infects a website, it creates a backup, updates WordPress to the latest version to keep other malware out, and actively seeks out and removes competing malware. It hides in plain sight, using filenames that blend in with other common WordPress files, and contains functionality to automatically reinstall itself if it is discovered and removed.
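Because the malware uses filenames that blend in with common WordPress files, reviewing names alone is unreliable; comparing the core directories against known-good hashes surfaces extra or altered files regardless of what they are called. The script below is an added example, not code from the original page: the function names, the sample filenames and the manifest are constructed, and in practice the manifest would be built from a clean copy of the same WordPress release.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories that contain only WordPress core files on a stock install.
CORE_DIRS = ("wp-admin", "wp-includes")


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_core(root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare core dirs under root with a manifest of relative path -> SHA-256."""
    report = {"unexpected": [], "modified": [], "missing": []}
    seen = set()
    for d in CORE_DIRS:
        base = root / d
        if not base.is_dir():
            continue
        for p in sorted(q for q in base.rglob("*") if q.is_file()):
            rel = p.relative_to(root).as_posix()
            seen.add(rel)
            if rel not in manifest:
                report["unexpected"].append(rel)  # file the release never shipped
            elif sha256_file(p) != manifest[rel]:
                report["modified"].append(rel)    # core file with changed content
    report["missing"] = sorted(set(manifest) - seen)
    return report


def build_demo() -> dict[str, list[str]]:
    """Constructed sample tree: two clean files, then one altered and one extra."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean = {"wp-includes/load.php": b"<?php // core\n",
                 "wp-admin/index.php": b"<?php // admin\n"}
        for rel, data in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        manifest = {rel: sha256_file(root / rel) for rel in clean}
        # Constructed: a plausible-looking extra file and a changed core file.
        (root / "wp-includes/class-wp-cache-helper.php").write_bytes(b"<?php // extra\n")
        (root / "wp-admin/index.php").write_bytes(b"<?php // changed\n")
        return audit_core(root, manifest)


if __name__ == "__main__":
    print(build_demo())
```

Since the malware can reinstall itself after removal, the same comparison is worth repeating after cleanup rather than running once.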