Cybersecurity Breach: 150,000 Websites Compromised by Malicious JavaScript

An extensive cybersecurity campaign has infiltrated roughly 150,000 legitimate websites by injecting malicious JavaScript, primarily to promote Chinese-language gambling platforms. Security analysts have reported the issue, describing how the threat actors employ iframe injections to redirect users to gambling pages disguised as legitimate content.

Himanshu Anand, a security analyst at c/side, revealed that the attackers have revamped their operations while maintaining the use of an iframe to create a fullscreen overlay in users’ browsers. According to statistics from PublicWWW, there are currently over 135,800 sites containing this JavaScript payload, amplifying security concerns across the digital landscape. Anand explained that this attack exemplifies how threat actors continuously adapt their tactics to increase their reach and introduce new obfuscation methods.

This latest manifestation of cybercrime is not isolated. Just last month, c/side documented a related campaign that resulted in the infection of numerous websites with similar malicious JavaScript. These scripts exploit vulnerabilities in website code to hijack browser windows and redirect unsuspecting site visitors to pages that promote illegal gambling activities. The redirection is carried out by JavaScript hosted on various domains that serve the primary payload.
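For site owners checking their own pages, the two traits described above (a script loaded from a third-party host and an iframe styled to cover the whole viewport) can be flagged with a short audit. This is an added example, not code from c/side or from the campaign; the host names, the allowlist and the sample page are constructed placeholders. Because the overlay iframe is created at runtime, run it over a saved rendered DOM as well as the served HTML.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page. All hosts are placeholder example.* names,
# not indicators from the campaign.
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//static.example.net/loader.js"></script>
</head><body>
<iframe src="https://video.example.com/embed" style="width:560px;height:315px"></iframe>
<iframe src="https://landing.example.org/" style="position:fixed; top:0; left:0; width:100%; height:100%; z-index:99999"></iframe>
</body></html>"""

def style_map(style):
    # Parse an inline style attribute into {property: value}, lowercased.
    out = {}
    for decl in style.split(";"):
        if ":" in decl:
            prop, value = decl.split(":", 1)
            out[prop.strip().lower()] = value.lower().replace("!important", "").strip()
    return out

def is_fullscreen_overlay(style):
    # True when the inline style pins the element over the whole viewport.
    s = style_map(style)
    return (s.get("position") in ("fixed", "absolute")
            and s.get("width") in ("100%", "100vw")
            and s.get("height") in ("100%", "100vh"))

class PageAudit(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = set(allowed_hosts)  # script hosts the owner expects
        self.findings = []                 # (kind, value, line number)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            host = urlparse(a["src"]).hostname  # None for same-origin relative paths
            if host and host not in self.allowed:
                self.findings.append(("unlisted-script-host", host, self.getpos()[0]))
        elif tag == "iframe" and is_fullscreen_overlay(a.get("style") or ""):
            self.findings.append(("fullscreen-iframe", a.get("src") or "", self.getpos()[0]))

def audit(html, allowed_hosts):
    parser = PageAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings
```

Calling `audit(SAMPLE_HTML, {"cdn.example.com", "video.example.com"})` reports the unlisted script host and the viewport-covering iframe while leaving the normally sized embed alone.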

In a broader context, GoDaddy has disclosed a long-running malware operation dubbed “DollyWay World Domination,” which has compromised over 20,000 websites since 2016. Recent analyses indicate that more than 10,000 unique WordPress sites have fallen victim to this scheme. Denis Sinegubko, a security researcher, outlined how the DollyWay operation uses compromised sites as nodes in a distributed network to target visitors through malicious ads and script injections designed to mislead users.

The infiltration methods utilized by the cybercriminals extend to server-side attacks, where PHP code is appended to active plugins, disabling any existing security measures and granting unauthorized access. With the combination of these tactics, the overall impact on website security remains significant, prompting calls for enhanced protective measures for online platforms.

As this campaign continues to evolve, experts urge website owners and administrators to regularly review their security protocols and remain vigilant against emerging threats. The adaptability of these cybercriminal operations serves as a stark reminder of the persistent risks in the online environment.