FlagThis

A massive malware campaign, identified as ZuizhongJS, has compromised over 150,000 websites through JavaScript injection to promote Chinese gambling platforms. Threat actors are breaching websites to drive traffic to illicit gambling sites. This campaign which injects obfuscated JavaScript and PHP code into the compromised sites hijacks browser windows. The primary goal is to generate revenue by redirecting users to full-screen overlays of fake betting websites, including impersonations of legitimate platforms like Bet365.

The attackers are believed to be linked to the Megalayer exploit, known for distributing Chinese-language malware and employing similar domain patterns and obfuscation tactics. The injected code is often hidden using HTML entity encoding and hexadecimal to evade detection. This campaign underscores the growing threat of client-side attacks and the need for robust website security measures, including regular script audits and strict Content Security Policies, to protect users from malicious redirects and potential financial harm.

ImgSrc: blogger.googleu

References :

• Cyber Security News: Hackers Breach 150,000 Websites to Drive Traffic to Chinese Gambling Sites
• gbhackers.com: Threat Actors Compromise 150,000 Websites to Promote Chinese Gambling Platforms
• The Hacker News: 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
• www.techradar.com: Thousands of websites have now been hijacked by this devious, and growing, malicious scheme

Classification:

• HashTags: #Malware #JavaScript #Cybersecurity
• Target: Website Visitors
• Attacker: ZuizhongJS
• Product: Websites
• Feature: JavaScript injection
• Malware: ZuizhongJS
• Type: Malware
• Severity: Medium