Summary: Cybersecurity researchers have uncovered a campaign targeting PHP-based web servers to promote gambling sites in Indonesia, utilizing Python-based bots for exploitation. The attacks leverage GSocket to establish communication channels and redirect users searching for gambling services to malicious domains. This coordinated effort has been linked to a broader malware campaign affecting thousands of sites globally.
Threat Actor: Unknown
Victim: Web servers running PHP applications
Key points:
- Attacks are primarily targeting servers running the Moodle learning management system.
- GSocket is used to maintain persistent access and deliver PHP files promoting gambling services.
- Site visitors are redirected to “pktoto[.]cc,” an Indonesian gambling site, while search bots are allowed access.
Source: https://thehackernews.com/2025/01/python-based-bots-exploiting-php.html