Cybersecurity researchers have identified a new campaign targeting PHP-based web servers, particularly those running the Moodle learning management system in Indonesia, to promote gambling platforms. The attacks involve Python-based bots deploying the GSocket tool to establish persistent communication channels on compromised servers. By exploiting existing web shells, hackers ensure that gambling-related content remains active even after initial breaches are addressed.
This coordinated effort highlights the growing sophistication of cybercriminals in exploiting vulnerabilities for illicit gains, potentially in response to increased government scrutiny of gambling activities. The campaign underscores the importance of securing web servers and monitoring for unauthorized modifications to prevent such intrusions.
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation
>> https://www.hendryadrian.com/web/?url=40841
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
>> https://www.hendryadrian.com/web/?url=40089
Over 5,000 WordPress Sites Caught in WP3.XYZ Malware Attack — C/side
>> https://www.hendryadrian.com/web/?url=39969
“At the top of each PHP file was PHP code designed to allow only search bots to access the page, but regular site visitors would be redirected to another domain”
example: https://urlscan.io/result/c7a24ef1-9f11-4c04-bb2f-15ccd7646f8c/
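
A defender-side triage check for the cloaking pattern quoted above, added here as an example and not code from the cited reports: it flags PHP files whose first 4 KB read the User-Agent, name a search crawler and issue a redirect. The signal regexes, function names and the 4 KB window are assumptions, and the sample sources are constructed.

```python
import re
from pathlib import Path

HEAD_CHARS = 4096  # assumption: the quoted report places the gate at the top of each file

# Assumed heuristics, not signatures published by the cited reports.
SIGNALS = {
    "reads_user_agent": re.compile(r"HTTP_USER_AGENT", re.I),
    "names_search_bot": re.compile(r"googlebot|bingbot|yandex|baiduspider|slurp", re.I),
    "redirects": re.compile(
        r"header\s*\(\s*['\"]\s*Location\s*:|http-equiv\s*=\s*['\"]?refresh", re.I),
}

def cloaking_signals(source):
    """Names of the signals found in the first HEAD_CHARS of a PHP source."""
    head = source[:HEAD_CHARS]
    return {name for name, rx in SIGNALS.items() if rx.search(head)}

def is_suspect(source):
    """True only when the file head reads the UA, names a crawler AND redirects."""
    return cloaking_signals(source) == set(SIGNALS)

def scan_tree(root):
    """Return sorted paths of suspect .php files under root (unreadable files skipped)."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        if is_suspect(text):
            hits.append(str(path))
    return hits

# Constructed samples (not taken from the campaign); the domain is a placeholder.
CLOAKED = '''<?php
$ua = strtolower($_SERVER['HTTP_USER_AGENT']);
if (!preg_match('/googlebot|bingbot/', $ua)) {
    header("Location: https://redirect.example.invalid/");
    exit;
}
?><html>page served to crawlers only</html>'''
PLAIN_REDIRECT = '<?php header("Location: /login.php"); exit; ?>'
CRAWLER_STATS = ('<?php if (stripos($_SERVER["HTTP_USER_AGENT"], "googlebot") !== false)'
                 ' { $crawler_hits++; } ?>')

if __name__ == "__main__":
    for name in ("CLOAKED", "PLAIN_REDIRECT", "CRAWLER_STATS"):
        print(name, sorted(cloaking_signals(globals()[name])), is_suspect(globals()[name]))
```

A hit is a lead for manual review, not a verdict; an encoded or obfuscated gate will not match, so pair this with a comparison of the web root against a known-good copy of the application.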

Examples of Indonesian E-Learning Platforms (Moodle) Exploited for Online Gambling Promotions
elearning.bpsdmd.ntbprov.go.id
onlinelearning.ellc.co.id

Not an e-learning site, but used to promote online gambling:
inaexport.id


Read also: Suspected Cybersecurity Incidents in Government Websites Hosting Gambling Content
>> https://www.hendryadrian.com/?p=36156