Summary: A malware campaign has compromised approximately 150,000 websites by injecting malicious JavaScript to redirect users to Chinese-language gambling platforms. These attacks utilize iframe tactics for full-screen overlays, targeting visitors of infected sites. Another related operation, dubbed DollyWay, has affected over 20,000 websites globally by redirecting traffic through a complex network of compromised WordPress sites to various scam pages.
Affected: 150,000 compromised websites, including WordPress sites
Keypoints :
- Malicious JavaScript injections have been used to hijack browsers and redirect users to gambling sites.
- The campaign employs iframe overlays and impersonates legitimate betting sites for authenticity.
- DollyWay operation has affected over 20,000 websites, leveraging a network of infected WordPress sites for malicious redirection.
- Attack methods include modifying server-side PHP code in plugins and disabling security measures.
- Recent infrastructure adjustments in DollyWay reveal operational challenges for the attackers.
Source: https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html