Home News Over 35,000 Websites Hijacked in Massive Scam Redirecting Users to Gambling Sites
News

Over 35,000 Websites Hijacked in Massive Scam Redirecting Users to Gambling Sites

310

Cybersecurity experts have issued a warning after a major hacking campaign compromised more than 35,000 websites, redirecting users to malicious gambling platforms or even distributing malware.

How the Attack Works

According to c/side cybersecurity researchers, the attackers remain unidentified, though they are believed to be linked to the Megalayer exploit, a known method of distributing Chinese-language malware. While it’s unclear exactly how the websites were breached, once access was gained, malicious scripts were injected into the affected sites.

Once loaded, these scripts completely hijack a user’s browser window, often redirecting them to Chinese-language gambling websites under the Kaiyun brand. The attackers also use a tactic to evade detection—certain users, such as security researchers, are shown a static “access blocked” page instead of the malicious content.

Why Experts Believe Megalayer is Involved

C/side researchers suspect the campaign is related to Megalayer, as it shares:
Domain patterns commonly used by Megalayer campaigns
Obfuscation tactics to hide the attack
Connections to previous Chinese-language malware campaigns

How to Protect Your Website

To prevent falling victim to similar exploits, IT teams and website administrators should:
🔹 Audit source code regularly
🔹 Block malicious domains linked to the attack, including:

  • zuizhongjs[.]com
  • p11vt3[.]vip
  • Associated subdomains
    🔹 Monitor logs for suspicious outbound requests
    🔹 Check for unauthorized modifications to website scripts
    🔹 Restrict scripts to only trusted domains using a Content Security Policy (CSP)
    🔹 Scan websites frequently with tools like PublicWWW or URLScan

Cybercriminals continue to find new ways to exploit website vulnerabilities, making proactive monitoring and security measures more important than ever.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

NewsSecurity

Telegram’s t.me Domain Goes Offline Worldwide After Registry Imposes ServerHold

Telegram’s t.me Links Go Offline After Domain Registry Places Hold on Address...

NewsSecurity

Critical U-Boot Flaws Could Let Hackers Install Stealthy Firmware Malware

New U-Boot Bootloader Flaws Could Enable Stealthy Firmware-Level Attacks Security researchers have...

NewsSecurity

Exposed Hacker Server Reveals Massive Campaign Compromising 25,000 WordPress Websites

Exposed Server Reveals 25,000 Hacked WordPress Websites in Large Cybercrime Campaign A...

NewsSecurity

Hidden Tenda Router Backdoor Gives Hackers Full Administrator Access

Hidden Backdoor in Tenda Router Firmware Allows Attackers to Gain Admin Access...