Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard

Researchers found more than 35,000 compromised websites
Sites were carrying malicious code that took over the browser window
Visitors were being served casino landing pages

More than 35,000 websites have been compromised in a major hacking campaign that saw users redirected to malicious pages, or possibly even served malware, experts have warned.

A report from cybersecurity researchers at c/side, did not detail who the attackers are, other than saying they could be linked to the Megalayer exploit.

They also did not discuss how the threat actors managed to compromise these tens of thousands of websites, but once the attackers gained access, they used it to inject a malicious script from a list of websites.

Hiding from researchers

“Once the script loads, it fully hijacks the user’s browser window – often redirecting them to pages promoting a Chinese-language gambling (or casino) platform,” the researchers explained.

The attackers are most likely Chinese, since they’re coming from regions where Mandarin is common, and since the final landing pages present gambling content under the Kaiyun brand.

The tens of thousands of compromised websites were serving a few variants of gambling landing pages, it was explained. Some IPs and regions were being served a static page, saying access is blocked. This, the researchers believe, is to prevent security researchers from discovering the attack.

C/side believes the campaign is related to the Megalayer exploit, since it’s known for distributing Chinese-language malware, contains the same domain patterns, and the same obfuscation tactics.

To protect websites against these exploits, c/side advises IT teams to audit their source code, and block malicious domains, or use firewall rules for zuizhongjs[.]com,

p11vt3[.]vip, and associated subdomains. They should also monitor logs for unexpected outgoing requests to these domains, check for unauthorized modifications, restrict scripts to only trusted domains with a well-defined CSP, and frequently scan the sites with tools like PublicWWW or URLScan.

https://cdn.mos.cms.futurecdn.net/B73DML5s9XT2asace74Gnd-1200-80.jpg

Source link

What is the release date for Marshals: A Yellowstone Story episode 6 on CBS and Paramount+?

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

This new ‘laughing rat’ malware will steal your data and hack your systems — and then laugh at you while doing it

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Jason Kelce, Kylie Kelce New Dog Name Change, Bernadette to Matilda

The Secret Place At Disney Only Celebs Can Access

Why Mateo’s Change To Night Shift Is Important For The Pitt Season 2 Explained By Jalen Thomas Brooks

Netflix’s Near-Perfect 8-Part Horror Thriller Hits 28M Hours Watched in Just 1 Week

Form DEF 14A IDACORP For: 2 April

Form DEF 14A Franklin Street Properties Corp For: 2 April

Form DEF 14A CORBUS PHARMACEUTICALS HOLDINGS For: 2 April

Form S-3 Taoweave Inc For: 2 April

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard

Jason Kelce, Kylie Kelce New Dog Name Change, Bernadette to Matilda

Form DEF 14A IDACORP For: 2 April

The Secret Place At Disney Only Celebs Can Access

Form DEF 14A Franklin Street Properties Corp For: 2 April