The specialists of Defiant company discovered the virus BabaYaga, that apparently was created by Russian programmers. The detected virus infects, in the first place, the sites created in WordPress, and now, after a series of updates it has become very dangerous.


BabaYaga consists of several modules: The first is used to obtain full control of the site, and the second is dedicated to redirect traffic to several stores that pay respectively to the developers of the BabaYaga virus.

In addition, the malicious program itself is capable of installing updates, performing reinstallations and backup copies of WordPress, as well as getting rid of unwanted modules that may interfere with the operation of BabaYaga.

As a summary, BabaYaga is a malware that generates spam links and redirects to highly malicious websites.

Unfortunately, BabaYaga is designed to effectively hide its presence.



Likewise, even if experienced computer users can detect the malware, ordinary people would be redirected to shaded sites where their PCs may be infected with other potentially unwanted programs.

BabaYaga developers generate profits through popular marketing schemes.

In other words, if the WordPress site infects with malware, users who click on it redirect to the affiliate page.

Similarly, spammers profit from the traffic that enters the website and also win with the purchases.

Therefore, it is essential to visit only reliable websites that are not designed to deliver unwanted content. Then, users need to monitor their activity online and look for suspicious and unreliable signs that may indicate a potential danger in cyberspace.

Malware researchers warn that BabaYaga will do everything as possible to not be removed from the website. In addition, vandals can upload files manually to the victim’s website.

Apart from this the BabaYaga can remove other malware programs since it can not operate on the infected WordPress site.

Finally, you will be thinking why the name BabaYaga.

Well, Baba Yaga is a famous witch from the east, known in Russia.

She has scared little children all over Eastern Europe for many centuries.


The name of Baba Yaga is composed of two elements. Baba means “grandmother” or “old woman” in most Slavic languages. On the other hand, there are two versions of the origin of the name Yaga.

Yaga is probably a diminutive of the female name Jadwiga. Then, your website may be vulnerable to the virus and any other possible attack.

Try to select WordPress themes that have good recognition like the ones offered in Elegant themes. Also, BackstagePC has several different solutions to choose from, including By Change and three monthly packages: basic maintenance, small business maintenance and corporate maintenance plans.

To see the details, click here.

Increase the security on your website if you get one of our maintenance Plans