1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Thousands of websites have now been hijacked by this devious, and

    From TechnologyDaily@1337:1/100 to All on Friday, March 28, 2025 14:15:08
    Thousands of websites have now been hijacked by this devious, and growing, malicious scheme

    Date:
    Fri, 28 Mar 2025 14:02:00 +0000

    Description:
    Scheme grew from 35,000 websites to 150,000 websites in just a matter of weeks.

    FULL STORY ======================================================================Research ers find more than 150,000 compromised websites The websites carried malware that overlaid them with malicious landing pages Web admins are advised to audit their code

    Security researchers c/side recently reported on a major website hijacking campaign, in which unnamed threat actors took over 35,000 websites and used them to redirect visitors to malicious pages and even serve them malware.

    Now, a month later, the team has claimed the campaign has scaled even
    further, and now compromises a staggering 150,000 websites.

    C/side believes the campaign is related to the Megalayer exploit, since its known for distributing Chinese-language malware , contains the same domain patterns, and the same obfuscation tactics.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Open redirects

    While the method changed slightly, and now comes with a slightly revamped interface, the gist is still the same, as the attackers use iframe injections to display a full-screen overlay in the visitors browser.

    The overlays show either impersonated legitimate betting websites, or
    outright fake gambling pages.

    C/side did not detail who the attackers are, other than saying they could be linked to the Megalayer exploit.

    The attackers are most likely Chinese, since theyre coming from regions where Mandarin is common, and since the final landing pages present gambling
    content under the Kaiyun brand.

    They also did not discuss how the threat actors managed to compromise these tens of thousands of websites, but once the attackers gained access, they
    used it to inject a malicious script from a list of websites.

    Once the script loads, it fully hijacks the users browser window - often redirecting them to pages promoting a Chinese-language gambling (or casino) platform, the researchers explained in the previous report.

    To mitigate the risk of website takeover, c/side says web admins should audit their source code, block malicious domains, or use firewall rules for zuizhongjs[.]com, p11vt3[.]vip, and associated subdomains.

    It would also be wise to keep an eye on logs for unexpected outgoing requests to these domains. You might also like Major website hijacking scam sees over 35,000 sites attacked, redirected to gambling sites, so be on your guard
    We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-websites-have-now-been-hij acked-by-this-malicious-scheme


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)