A massive cyber attack has compromised approximately 150,000 legitimate websites through malicious JavaScript injections. This ongoing campaign primarily targets users by redirecting them to Chinese-language gambling platforms, raising significant concerns about website security and user safety.

Key Takeaways

• Scope of Attack: Around 150,000 websites have been compromised.

• Methodology: Attackers use JavaScript injections to hijack browsers and redirect users.

• Targeted Content: The redirection promotes Chinese gambling platforms.

• Adaptation: Threat actors are evolving their tactics to increase reach and effectiveness.

Overview of the Attack

The cyber attack, which has been ongoing, utilizes a technique known as JavaScript injection. This method allows attackers to insert malicious scripts into the code of legitimate websites. Once a user visits an infected site, the script executes, hijacking the browser window and redirecting the user to a full-screen overlay that promotes gambling sites.

Security analysts have noted that the attackers have slightly revamped their approach, but the core method remains the same: using iframe injections to display the malicious content. As of now, over 135,800 sites have been identified as containing the harmful JavaScript payload.

Technical Details of the Attack

The attack operates through several key components:

1. JavaScript Payload: The malicious script is hosted on multiple domains, including one identified as "zuizhongyj[.]com.

2. Redirection Mechanism: Users are redirected to gambling platforms via a fullscreen overlay that obscures the legitimate content of the infected site.

3. Impersonation Tactics: Some variants of the attack involve injecting scripts that mimic legitimate betting websites, using official logos and branding to deceive users.

Rising Threat of Client-Side Attacks

This incident highlights a growing trend in cybersecurity threats, particularly client-side attacks. Security experts emphasize that such attacks are becoming more common, with new findings emerging daily. The adaptability of threat actors is a significant concern, as they continuously refine their methods to evade detection and increase their operational reach.

Related Malware Operations

The recent attack coincides with the disclosure of another long-running malware operation known as DollyWay World Domination, which has compromised over 20,000 websites since 2016. This operation primarily targets WordPress sites, injecting scripts that redirect users to various scam pages through a network of compromised sites.

The massive scale of this cyber attack serves as a stark reminder of the vulnerabilities present in web security. As cybercriminals continue to evolve their tactics, website owners and users must remain vigilant and prioritize security measures to protect against such threats. Regular updates, security audits, and user education are essential in combating the rising tide of cyber attacks.

Sources

• 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms, The Hacker News.