JavaScript Malware Pushing Chinese Gambling Platforms
A malicious campaign has compromised roughly 150,000 legitimate websites by injecting harmful JavaScript that is designed to promote Chinese-language gambling platforms.
LISTEN TO THIS ARTICLE:Security analyst Himanshu Anand of c/side has reported that attackers are using an iframe injection method, which creates a full-screen overlay that hijacks the browser and displays gambling content.
According to data from PublicWWW, over 135,800 sites currently carry the JavaScript payload. The ongoing operation, which was first documented by website security firm c/side last month, relies on browser hijacking to reroute visitors to gambling-related landing pages.
The redirection mechanism is powered by JavaScript hosted on five domains, such as “zuizhongyj.com”, which deliver the code responsible for executing these browser redirects.
Reputable Websites Also Mimicked
In a twist on the original scheme, a variant has been seen that mimics reputable live online casinos. This version uses HTML injections featuring real logos and branding to produce a CSS-based full-screen overlay that replaces genuine site content with a gambling promotion page.
This attack demonstrates how threat actors constantly adapt, increasing their reach and using new layers of obfuscation. Client-side attacks like these are on the rise, with more and more findings every day.
More Technology News
GoDaddy Exposes DollyWay World Domination Malware
The news came soon after GoDaddy’s recent exposure of the DollyWay World Domination malware operation, which has infected more than 20,000 websites worldwide since 2016. As of early 2025, over 10,000 WordPress sites have been caught in the scheme.
Security researcher Denis Sinegubko said that the latest iteration of the DollyWay operation primarily targets visitors to infected WordPress sites. The attackers inject redirect scripts linked to a distributed Traffic Direction System (TDS) hosted across compromised domains. These scripts steer users toward scam pages connected to cybercriminal affiliate networks like VexTrio.
VexTrio, which is one of the largest of its kind, uses DNS tricks, traffic systems, and algorithm-generated domains to distribute malware and fraudulent content. The attacks begin with injecting dynamic scripts into WordPress sites, often using ad networks such as PropellerAds to profit from hijacked traffic.
Attackers modify server-side PHP code, insert malicious scripts into plugins, disable security tools, and extract admin credentials to maintain control.
GoDaddy revealed that DollyWay’s TDS infrastructure utilizes thousands of hacked WordPress sites, generating between 9 and 10 million page impressions monthly. The redirect URLs often originate from the LosPollos traffic broker network.
RELATED TOPICS: Technology
Latest News
Most Read
Must Read
Interviews
Sweepstakes Casinos: Thriving in an Ever-Changing Industry – Interview with Attorney Stephen C. Piepgrass
Feb 17, 2025
Interviews
Review this New Post
Leave a Comment
User Comments
Comments for JavaScript Malware Pushing Chinese Gambling Platforms