info@thehackernews.com (The Hacker News)
//
A massive malware campaign, identified as ZuizhongJS, has compromised over 150,000 websites through JavaScript injection to promote Chinese gambling platforms. Threat actors are breaching websites to drive traffic to illicit gambling sites. The campaign injects obfuscated JavaScript and PHP code into the compromised sites and hijacks browser windows. The primary goal is to generate revenue by redirecting users to full-screen overlays of fake betting websites, including impersonations of legitimate platforms like Bet365.
The attackers are believed to be linked to the Megalayer exploit, known for distributing Chinese-language malware and employing similar domain patterns and obfuscation tactics. The injected code is often hidden using HTML entity encoding and hexadecimal encoding to evade detection. This campaign underscores the growing threat of client-side attacks and the need for robust website security measures, including regular script audits and strict Content Security Policies, to protect users from malicious redirects and potential financial harm.
@www.the420.in
//
A large-scale malware campaign has compromised over 35,000 websites by injecting malicious JavaScript. The injected scripts redirect users to Chinese-language gambling platforms, specifically under the "Kaiyun" brand. This attack utilizes obfuscated JavaScript payloads to hijack user browsers, replacing legitimate website content with full-page redirects.
This malicious campaign operates by embedding a one-line `<script>` tag into the source code of affected websites. These scripts reference domains like zuizhongjs[.]com and other similar URLs. Once loaded, they dynamically inject further payloads, manipulating browser behavior and creating a full-screen overlay that redirects users to unlicensed gambling platforms in Mandarin, targeting users in regions where Mandarin is predominantly spoken. The attackers employ techniques such as string concatenation and Unicode escapes to conceal their activities and evade detection by automated security systems.
@www.bleepingcomputer.com
//
A new JavaScript obfuscation technique has been discovered and is being actively used in phishing attacks. Juniper Threat Labs identified the technique targeting affiliates of a major American political action committee (PAC) in early January 2025. The method leverages invisible Unicode characters to represent binary values, effectively concealing malicious JavaScript code within seemingly harmless text.
This obfuscation technique was first demonstrated in October 2024, highlighting the speed with which such research can be weaponized in real-world attacks. The encoding uses two different Unicode filler characters, the Hangul half-width filler and the Hangul full-width filler, to represent the binary values 0 and 1. This allows attackers to hide entire payloads invisibly within a script, which is then executed through a Proxy get() trap. Security researchers have posted methods to decode this encoded JavaScript into readable form.
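For triage, the filler encoding described above can be located and decoded with a short scanner. This is an added example, not code from the original article or from Juniper Threat Labs; it assumes the two fillers are U+FFA0 and U+3164 and that each hidden character is stored as 8 bits, and the function names and sample are constructed for illustration.

```javascript
// Added example (not from the page): find and decode invisible filler runs.
const HALF = "\uFFA0"; // HALFWIDTH HANGUL FILLER
const FULL = "\u3164"; // HANGUL FILLER (full width)
const MIN_RUN = 16; // assumption: shorter runs are treated as incidental

// Decode a filler run to text, 8 bits per character (assumed layout).
function decodeRun(run, zeroChar) {
  const bits = [...run].map((ch) => (ch === zeroChar ? "0" : "1")).join("");
  let out = "";
  for (let i = 0; i + 8 <= bits.length; i += 8) {
    out += String.fromCharCode(parseInt(bits.slice(i, i + 8), 2));
  }
  return out;
}

// Share of characters that are printable ASCII or common whitespace.
function printableRatio(text) {
  if (text.length === 0) return 0;
  const ok = [...text].filter((c) => /[\x20-\x7e\r\n\t]/.test(c)).length;
  return ok / text.length;
}

// Scan source text and report each long filler run with its best decoding.
function findHiddenPayloads(source) {
  const findings = [];
  const re = new RegExp(`[${HALF}${FULL}]{${MIN_RUN},}`, "g");
  for (const m of source.matchAll(re)) {
    // Which filler stands for 0 is not known in advance, so decode with
    // both polarities and keep the result that looks most like text.
    const a = decodeRun(m[0], HALF);
    const b = decodeRun(m[0], FULL);
    const decoded = printableRatio(a) >= printableRatio(b) ? a : b;
    findings.push({ offset: m.index, length: m[0].length, decoded });
  }
  return findings;
}

// Constructed sample: the bits of the harmless string "alert(1)" written
// with the two fillers and placed where an editor shows an empty key.
const SAMPLE_BITS = ["01100001", "01101100", "01100101", "01110010",
  "01110100", "00101000", "00110001", "00101001"].join("");
const hidden = SAMPLE_BITS.replace(/[01]/g, (b) => (b === "0" ? HALF : FULL));
const SAMPLE = `const cfg = { "${hidden}": true }; // looks empty in an editor`;

console.log(findHiddenPayloads(SAMPLE));
```

Any hit in first-party or third-party script content is worth a manual look, since these fillers have little legitimate use inside JavaScript source.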