CyberSecurity news

FlagThis - #javascript

@The Hacker News //
A massive malware campaign, identified as ZuizhongJS, has compromised over 150,000 websites through JavaScript injection to promote Chinese gambling platforms. Threat actors are breaching websites to drive traffic to illicit gambling sites. The campaign, which injects obfuscated JavaScript and PHP code into the compromised sites, hijacks browser windows. Its primary goal is to generate revenue by redirecting users to full-screen overlays of fake betting websites, including impersonations of legitimate platforms such as Bet365.

The attackers are believed to be linked to the Megalayer exploit, known for distributing Chinese-language malware and employing similar domain patterns and obfuscation tactics. The injected code is often hidden using HTML entity encoding and hexadecimal to evade detection. This campaign underscores the growing threat of client-side attacks and the need for robust website security measures, including regular script audits and strict Content Security Policies, to protect users from malicious redirects and potential financial harm.



References:
  • Cyber Security News: Hackers Breach 150,000 Websites to Drive Traffic to Chinese Gambling Sites
  • gbhackers.com: Threat Actors Compromise 150,000 Websites to Promote Chinese Gambling Platforms
  • The Hacker News: 150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
  • www.techradar.com: Thousands of websites have now been hijacked by this devious, and growing, malicious scheme
Classification:
  • HashTags: #Malware #JavaScript #Cybersecurity
  • Target: Website Visitors
  • Attacker: ZuizhongJS
  • Product: Websites
  • Feature: JavaScript injection
  • Malware: ZuizhongJS
  • Type: Malware
  • Severity: Medium
@www.the420.in //
A large-scale malware campaign has compromised over 35,000 websites by injecting malicious JavaScript. The injected scripts redirect users to Chinese-language gambling platforms, specifically under the "Kaiyun" brand. This attack utilizes obfuscated JavaScript payloads to hijack user browsers, replacing legitimate website content with full-page redirects.

This malicious campaign operates by embedding a one-line `<script>` tag into the source code of affected websites. These scripts then reference domains like zuizhongjs[.]com and other similar URLs. Once loaded, the scripts dynamically inject further payloads, manipulating browser behavior and creating a full-screen overlay that redirects users to unlicensed gambling platforms in Mandarin, targeting users in regions where Mandarin is predominantly spoken. The attackers employ techniques such as string concatenation and Unicode escapes to conceal their activities and evade detection by automated security systems.



References:
  • Cyber Security News: cyberpress.org on 35,000 Websites Compromised with Malicious Scripts Redirecting Users to Chinese Websites
  • gbhackers.com: Over 35,000 Websites Hacked to Inject Malicious Scripts Redirecting Users to Chinese Websites
  • Talkback Resources: talkback.sh on Over 35,000 Websites Targeted in Full-Page Hijack Linking to a Chinese-Language Gambling Scam
  • Sucuri Blog: Sucuri article detailing WordPress spam
Classification:
@www.bleepingcomputer.com //
A new JavaScript obfuscation technique has been discovered and is being actively used in phishing attacks. Juniper Threat Labs identified the technique targeting affiliates of a major American political action committee (PAC) in early January 2025. The method leverages invisible Unicode characters to represent binary values, effectively concealing malicious JavaScript code within seemingly harmless text.

This obfuscation technique was first demonstrated in October 2024, highlighting the speed with which such research can be weaponized in real-world attacks. The encoding uses two different Unicode filler characters, the Hangul half-width filler and the Hangul full-width filler, to represent the binary values 0 and 1. This allows attackers to hide an entire payload invisibly within a script, which is then executed through a JavaScript Proxy `get()` trap. Security researchers have posted methods to decode this encoded JavaScript into readable form.
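A defender-side scanner for the filler-character encoding described above, added here as an example (it is not code from Juniper or from any of the cited reports). It assumes the two fillers are U+FFA0 (HALFWIDTH HANGUL FILLER) and U+3164 (HANGUL FILLER), assumes which of them stands for bit 0, and builds its own constructed sample script to scan.

```javascript
// Added example: locate and decode runs of invisible Hangul filler characters
// in a script. Assumptions: the fillers are U+FFA0 and U+3164, and the
// half-width one encodes bit 0; flip the `zero` argument if a real sample
// decodes to noise. Only 8-bit (ASCII) payload characters are handled.
const HALFWIDTH_FILLER = "\uFFA0"; // assumed: encodes bit 0
const FULLWIDTH_FILLER = "\u3164"; // assumed: encodes bit 1

// Find runs of filler characters long enough to carry at least one byte.
function findFillerRuns(source, minBits = 8) {
  const runs = [];
  const fillerRun = /[\uFFA0\u3164]+/g;
  let match;
  while ((match = fillerRun.exec(source)) !== null) {
    if (match[0].length >= minBits) {
      runs.push({ index: match.index, text: match[0] });
    }
  }
  return runs;
}

// Turn one filler run back into text: each filler is one bit, 8 bits per char.
function decodeFillerRun(run, zero = HALFWIDTH_FILLER) {
  let bits = "";
  for (const ch of run) bits += ch === zero ? "0" : "1";
  let out = "";
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    out += String.fromCharCode(parseInt(bits.slice(i, i + 8), 2));
  }
  return out;
}

// Scan a whole script and report every hidden string with its offset.
function scanScript(source, zero = HALFWIDTH_FILLER) {
  return findFillerRuns(source).map((run) => ({
    index: run.index,
    decoded: decodeFillerRun(run.text, zero),
  }));
}

// Inverse of decodeFillerRun, used only to build the constructed sample below.
function encodeAsFillers(text, zero = HALFWIDTH_FILLER, one = FULLWIDTH_FILLER) {
  return [...text]
    .map((ch) => ch.charCodeAt(0).toString(2).padStart(8, "0"))
    .join("")
    .replace(/[01]/g, (bit) => (bit === "0" ? zero : one));
}

// Constructed sample: a harmless string hidden inside an empty-looking literal.
const SAMPLE_SCRIPT = `const hidden = "${encodeAsFillers('console.log("hi")')}";`;
console.log(scanScript(SAMPLE_SCRIPT)); // → [{ index: 16, decoded: 'console.log("hi")' }]
```

Run the scanner over the body of any suspicious script; a run of hundreds of filler characters inside a string literal is itself a strong signal even before decoding.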



References:
  • blogs.juniper.net: Invisible obfuscation technique used in PAC attack
  • bsky.app: A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC).
  • BleepingComputer: A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC).
  • Anonymous: A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC).
  • www.bleepingcomputer.com: A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC).
  • Christoffer S.: Juniper Networks: Invisible obfuscation technique used in PAC attack. Novel obfuscation technique observed in a phishing attack targeting affiliates of a political action committee (PAC) in January 2025.
Classification:
  • HashTags: #JavaScript #PhishingAttack #JuniperThreatLabs
  • Company: Juniper
  • Target: American Political Action Committee
  • Product: Microsoft Teams
  • Feature: JavaScript obfuscation
  • Type: Hack
  • Severity: Major