Thousands of Websites Hijacked to Redirect Visitors to Adult Content in Ongoing Campaign

A new widespread cyber operation has been hijacking thousands of websites aimed at East Asian audiences and redirecting their visitors to adult-themed content since early September 2022. The ongoing campaign entails injecting malicious JavaScript code into the hacked websites, often connecting to the target web server using legitimate FTP credentials the threat actor previously obtained via an unknown method.

"In many cases, these were highly secure auto-generated FTP credentials which the attacker was somehow able to acquire and leverage for website hijacking," Wiz said in a report published this month.

The fact that the breached websites – owned by both small firms and multinational corporations – utilize different tech stacks and hosting service providers has made it difficult to trace a common attack vector, the cloud security company noted.

That said, one of the common denominators between the websites is that a majority of them are either hosted in China or hosted in a different country but are primed for Chinese users. What's more, the URLs hosting the rogue JavaScript code are geofenced to limit its execution in certain East Asian countries.

There are also indications that the campaign has set its sights on Android as well, with the redirection script leading visitors to gambling websites that urge them to install an app (APK package name "com.tyc9n1999co.coandroid").
