Cybersecurity experts have issued a warning after a major hacking campaign compromised more than 35,000 websites, redirecting users to malicious gambling platforms or even distributing malware.
How the Attack Works
According to c/side cybersecurity researchers, the attackers remain unidentified, though they are believed to be linked to the Megalayer exploit, a known method of distributing Chinese-language malware. While it’s unclear exactly how the websites were breached, once access was gained, malicious scripts were injected into the affected sites.
Once loaded, these scripts completely hijack a user’s browser window, often redirecting them to Chinese-language gambling websites under the Kaiyun brand. The attackers also use a tactic to evade detection—certain users, such as security researchers, are shown a static “access blocked” page instead of the malicious content.
Why Experts Believe Megalayer is Involved
C/side researchers suspect the campaign is related to Megalayer, as it shares:
✅ Domain patterns commonly used by Megalayer campaigns
✅ Obfuscation tactics to hide the attack
✅ Connections to previous Chinese-language malware campaigns
How to Protect Your Website
To prevent falling victim to similar exploits, IT teams and website administrators should:
🔹 Audit source code regularly
🔹 Block malicious domains linked to the attack, including:
- zuizhongjs[.]com
- p11vt3[.]vip
- Associated subdomains
🔹 Monitor logs for suspicious outbound requests
🔹 Check for unauthorized modifications to website scripts
🔹 Restrict scripts to only trusted domains using a Content Security Policy (CSP)
🔹 Scan websites frequently with tools like PublicWWW or URLScan
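As an added illustration (not code from c/side or from the affected sites), the audit, blocklist and CSP steps above can be combined in one check over a page's external script sources. The trusted hosts, the sample page and all function names are assumptions made for this example; the blocked domains are the two listed above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Indicators from the article, kept defanged; refanged only for matching.
BLOCKED = [d.replace("[.]", ".") for d in ("zuizhongjs[.]com", "p11vt3[.]vip")]
# Assumption: hosts this site intentionally loads scripts from.
TRUSTED = {"www.example.com", "cdn.example.com"}

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def host_of(src, page_host):
    # Relative URLs resolve to the page's own host; "//host/x" is handled by urlsplit.
    return (urlsplit(src).hostname or page_host).lower().rstrip(".")

def is_blocked(host):
    # Match the domain and any subdomain, but not look-alike suffixes.
    return any(host == d or host.endswith("." + d) for d in BLOCKED)

def audit(html, page_host):
    """Return (blocked, untrusted) external script hosts found in one page."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    hosts = {host_of(s, page_host) for s in parser.sources}
    blocked = sorted(h for h in hosts if is_blocked(h))
    untrusted = sorted(h for h in hosts - TRUSTED if not is_blocked(h))
    return blocked, untrusted

def csp_header(page_host):
    # Allow the site's own origin plus the other trusted hosts, nothing else.
    extra = sorted("https://" + h for h in TRUSTED if h != page_host)
    return "Content-Security-Policy: script-src " + " ".join(["'self'"] + extra)

# Constructed sample page (defanged in source, refanged at run time).
SAMPLE = """<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="https://a.zuizhongjs[.]com/x.js"></script>
<script src="//stats.example.net/t.js"></script>""".replace("[.]", ".")

if __name__ == "__main__":
    print(audit(SAMPLE, "www.example.com"), csp_header("www.example.com"))
```

Inline scripts without a src attribute are not covered by this check and still need a file-integrity or diff-based review.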
Cybercriminals continue to find new ways to exploit website vulnerabilities, making proactive monitoring and security measures more important than ever.