- Researchers found more than 35,000 compromised sites
- The sites carried malicious code that took over the visitor's browser window
- Visitors were redirected to casino landing pages
More than 35,000 sites have been compromised in a large hacking campaign that redirected visitors to malicious pages and possibly even served them malware, experts have warned.
A report from cybersecurity researchers at c/side does not say who the attackers are, except that they could be linked to the Megalayer exploit.
The researchers also did not say how the threat actors compromised these tens of thousands of websites, but once the attackers had access, they used it to inject a malicious script loaded from one of a list of attacker-controlled domains.
Hiding from researchers
“When the script is loaded, it fully hijacks the user’s browser window – often redirecting them to pages promoting a Chinese-language gambling (or casino) platform,” the researchers explained.
The attackers are probably Chinese, as the infrastructure is hosted in regions where Mandarin is common and the final landing pages present gambling content under the Kaiyun brand.
The tens of thousands of compromised sites served a few variants of the gambling landing pages, the report explains. Some IP addresses and regions were instead served a static page stating that access is blocked; the researchers believe this is meant to stop security researchers from discovering the attack.
c/side believes the campaign is related to the Megalayer exploit, which is known for distributing Chinese-language malware and uses the same domain patterns and similar tactics.
To protect sites from this campaign, c/side advises IT teams to review their source code and to block the malicious domains zuizhongjs[.]com, p11vt3[.]vip and their associated subdomains, for example with firewall rules.
They should also monitor logs for unexpected outgoing requests to these domains, check for unauthorized changes to site files, limit scripts to trusted domains with a well-defined Content Security Policy (CSP), and scan sites regularly with tools such as PublicWWW or urlscan.
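The following is an added triage helper illustrating the source-code review and log-monitoring advice above; it is not c/side's tooling. The two indicator domains are the ones named in the report (with the defanging brackets removed so they match real hostnames); the HTML page and the log lines are constructed sample input, and the log format is an assumed proxy-style line with the full request URL as one token.

```python
"""Flag <script>/<iframe> tags and outbound requests that point at the
campaign's indicator domains (added example, not the report's own code)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator domains from the report; subdomains are matched too.
IOC_DOMAINS = ("zuizhongjs.com", "p11vt3.vip")


def matches_ioc(host: str) -> bool:
    """True if host is an indicator domain or a subdomain of one.

    The suffix check requires a leading dot, so a look-alike such as
    'p11vt3.vip.example.net' does not match.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


class ScriptSourceCollector(HTMLParser):
    """Collect the src attribute of every <script> and <iframe> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.sources: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value)


def find_injected_scripts(html: str) -> list[str]:
    """Return external script/iframe URLs whose host matches an indicator."""
    collector = ScriptSourceCollector()
    collector.feed(html)
    hits = []
    for src in collector.sources:
        # Protocol-relative URLs ("//host/path") have no scheme; add one so
        # urlparse extracts the hostname.
        url = "https:" + src if src.startswith("//") else src
        host = urlparse(url).hostname or ""
        if matches_ioc(host):
            hits.append(src)
    return hits


def find_ioc_requests(log_lines) -> list[str]:
    """Return log lines containing a request URL whose host matches an indicator."""
    hits = []
    for line in log_lines:
        for token in line.split():
            if token.startswith(("http://", "https://")):
                host = urlparse(token).hostname or ""
                if matches_ioc(host):
                    hits.append(line)
                    break
    return hits


# Constructed sample page: two legitimate resources and two injected ones.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="https://cdn.zuizhongjs.com/x.js"></script>
</head><body>
<script src="//p11vt3.vip/load.js"></script>
<iframe src="https://www.example.com/embed"></iframe>
</body></html>"""

# Constructed sample log lines (assumed proxy-style format).
SAMPLE_LOG = [
    "2025-03-05T10:12:01Z web01 GET https://api.example.com/v1/status 200",
    "2025-03-05T10:12:03Z web01 GET https://p11vt3.vip/ad/conf.json 200",
    "2025-03-05T10:12:09Z web01 GET https://static.example.net/app.css 304",
]

if __name__ == "__main__":
    for src in find_injected_scripts(SAMPLE_HTML):
        print("injected script source:", src)
    for line in find_ioc_requests(SAMPLE_LOG):
        print("outbound request to indicator domain:", line)
```

Run the script against the saved HTML of each page and against the web server's outbound-request or proxy logs; any hit is a reason to restore the page from a known-good copy and to look for the unauthorized change that introduced it. A CSP that restricts `script-src` to the site's own trusted domains stops the browser from loading the injected script even if the file is modified again.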