Thousands of websites hijacked by this malware: How you can protect yourself

A massive wave of cyberattacks has compromised over 150,000 websites, redirecting users to fake gambling platforms and deploying malware via full-screen overlays. Security firm c/side warns that this campaign has rapidly escalated from its initial 35,000 infections, raising serious concerns about the scale and persistence of the threat.

Malicious overlays and fake gambling sites

According to c/side, the attackers are injecting malicious scripts that hijack browsers using iframes, displaying fake gambling content—often under the Kaiyun brand—disguised as legitimate betting platforms. The malware is primarily targeting users in Mandarin-speaking regions, suggesting potential ties to Chinese threat actors and possibly linked to the known Megalayer exploit.

Once loaded, the script fully overtakes the browser window, forcing users to interact with fake pages. Researchers note that these overlays are designed to trick users into staying engaged, potentially downloading further malware or sharing sensitive information.

How websites are being compromised

While the exact attack vector remains unclear, once attackers gain access to a website, they insert code that loads from suspicious domains like zuizhongjs[.]com and p11vt3[.]vip. These domains serve the malicious scripts that execute the hijack.

c/side recommends that administrators conduct thorough code audits, monitor traffic logs, and implement firewall rules to block these domains. Keeping an eye on unexpected outgoing requests is critical to identifying infections early and mitigating the damage.

Staying safe online

For users, the best defense is staying vigilant when browsing unfamiliar or compromised-looking sites. Avoid clicking suspicious links, and ensure browser and antivirus software are always up to date. When in doubt, close the window and verify the site manually.