Summary: Cybersecurity researchers have uncovered a campaign targeting PHP-based web servers to promote gambling sites in Indonesia, utilizing Python-based bots for exploitation. The attacks leverage GSocket to establish communication channels and redirect users searching for gambling services to malicious domains. This coordinated effort has been linked to a broader malware campaign affecting thousands of sites globally.

Threat Actor: Unknown | unknown
Victim: Web servers running PHP applications | web servers running PHP applications

Keypoints :

• Attacks are primarily targeting servers running the Moodle learning management system.
• GSocket is used to maintain persistent access and deliver PHP files promoting gambling services.
• Site visitors are redirected to “pktoto[.]cc,” an Indonesian gambling site, while search bots are allowed access.