Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard


- Researchers found more than 35,000 compromised websites
- Sites were carrying malicious code that took over the browser window
- Visitors were being served casino landing pages
More than 35,000 websites have been compromised in a major hacking campaign that saw users redirected to malicious pages, or possibly even served malware, experts have warned.
A report from cybersecurity researchers at c/side, did not detail who the attackers are, other than saying they could be linked to the Megalayer exploit.
They also did not discuss how the threat actors managed to compromise these tens of thousands of websites, but once the attackers gained access, they used it to inject a malicious script from a list of websites.
Hiding from researchers
“Once the script loads, it fully hijacks the user’s browser window – often redirecting them to pages promoting a Chinese-language gambling (or casino) platform,” the researchers explained.
The attackers are most likely Chinese, since they’re coming from regions where Mandarin is common, and since the final landing pages present gambling content under the Kaiyun brand.
The tens of thousands of compromised websites were serving a few variants of gambling landing pages, it was explained. Some IPs and regions were being served a static page, saying access is blocked. This, the researchers believe, is to prevent security researchers from discovering the attack.
C/side believes the campaign is related to the Megalayer exploit, since it’s known for distributing Chinese-language malware, contains the same domain patterns, and the same obfuscation tactics.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
To protect websites against these exploits, c/side advises IT teams to audit their source code, and block malicious domains, or use firewall rules for zuizhongjs[.]com,
p11vt3[.]vip, and associated subdomains. They should also monitor logs for unexpected outgoing requests to these domains, check for unauthorized modifications, restrict scripts to only trusted domains with a well-defined CSP, and frequently scan the sites with tools like PublicWWW or URLScan.
You might also like
Researchers found more than 35,000 compromised websites Sites were carrying malicious code that took over the browser window Visitors were being served casino landing pages More than 35,000 websites have been compromised in a major hacking campaign that saw users redirected to malicious pages, or possibly even served malware, experts…
Recent Posts
- 3 features that would actually make me pay for a Samsung Health subscription for my Galaxy Watch – and one big problem it needs to avoid
- TikTok’s ‘ban’ problem could end soon with a new app and a sale
- 16-Core AMD EPYC 4005 CPU is almost 3X faster than AMD’s first server flagship – and I can’t believe what a bargain that is
- Samsung’s very special rugged tablet comes with eight – yes, eight – years of Android updates and hot-swappable batteries
- The latest Samsung Galaxy Z Flip 7 leak is the first hands-on video of the flip foldable
Archives
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022