JavaScript Malware Pushing Chinese Gambling Platforms

A malicious campaign has compromised roughly 150,000 legitimate websites by injecting harmful JavaScript that is designed to promote Chinese-language gambling platforms.

Chinese gambling sites spread through JavaScript site injections.

Security analyst Himanshu Anand of c/side has reported that attackers are using an iframe injection method, which creates a full-screen overlay that hijacks the browser and displays gambling content.

According to data from PublicWWW, over 135,800 sites currently carry the JavaScript payload. The ongoing operation, which was first documented by website security firm c/side last month, relies on browser hijacking to reroute visitors to gambling-related landing pages.

The redirection mechanism is powered by JavaScript hosted on five domains, such as “zuizhongyj.com”, which deliver the code responsible for executing these browser redirects.

Reputable Websites Also Mimicked

In a twist on the original scheme, a variant has been seen that mimics reputable live online casinos. This version uses HTML injections featuring real logos and branding to produce a CSS-based full-screen overlay that replaces genuine site content with a gambling promotion page.
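One way a site owner could audit their own page source for the two patterns described above: script or iframe tags loading from hosts outside an allowlist, and inline-styled elements pinned over the full viewport. This is an added example, not code from c/side or from the original article; the allowlist, the host names and the sample HTML are constructed for illustration.

```javascript
// Added example (not c/side's tooling). ALLOWED_HOSTS and SAMPLE_HTML are constructed.
const ALLOWED_HOSTS = new Set(["shop.example", "cdn.shop.example"]);
const SAMPLE_HTML = `
<script src="/js/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//unlisted-host.example/t.js"></script>
<iframe src="https://unlisted-host.example/p" style="position:fixed; top:0; left:0; width:100vw; height:100vh; z-index:99999"></iframe>
<div style="position: relative; width: 100%">content</div>`;

// Read one attribute value (quoted or bare) out of a raw opening tag.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// True when an inline style pins the element over the entire viewport.
function coversViewport(style) {
  const s = {};
  for (const decl of style.toLowerCase().split(";")) {
    const i = decl.indexOf(":");
    if (i > 0) s[decl.slice(0, i).trim()] = decl.slice(i + 1).replace("!important", "").trim();
  }
  const full = (v) => /^100(%|vw|vh)$/.test(v || "");
  const pinned = s.position === "fixed" || s.position === "absolute";
  return pinned && ((full(s.width) && full(s.height)) || /^0(px)?$/.test(s.inset || ""));
}

// Heuristic regex scan of server-delivered HTML; it does not execute scripts or see
// elements created at runtime, so pair it with a Content-Security-Policy.
function auditHtml(html, pageUrl) {
  const findings = [];
  for (const [tag, rawName] of html.matchAll(/<(script|iframe|div)\b[^>]*>/gi)) {
    const name = rawName.toLowerCase();
    const src = attr(tag, "src");
    if (name !== "div" && src) {
      let host = "(unparseable)";
      try { host = new URL(src, pageUrl).hostname; } catch {}
      if (!ALLOWED_HOSTS.has(host)) findings.push(`unlisted-${name}-host:${host}`);
    }
    const style = attr(tag, "style");
    if (name !== "script" && style && coversViewport(style)) findings.push(`fullscreen-overlay:${name}`);
  }
  return findings;
}

console.log(auditHtml(SAMPLE_HTML, "https://shop.example/"));
```

Run against the HTML a server actually returns to an anonymous visitor, since injected markup is often absent from the copy an administrator sees when logged in.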

This attack demonstrates how threat actors constantly adapt, increasing their reach and using new layers of obfuscation. Client-side attacks like these are on the rise, with more and more findings every day.

Himanshu Anand, c/side Security Analyst


GoDaddy Exposes DollyWay World Domination Malware

The news came soon after GoDaddy’s recent exposure of the DollyWay World Domination malware operation, which has infected more than 20,000 websites worldwide since 2016. As of early 2025, over 10,000 WordPress sites have been caught in the scheme.

Security researcher Denis Sinegubko said that the latest iteration of the DollyWay operation primarily targets visitors to infected WordPress sites. The attackers inject redirect scripts linked to a distributed Traffic Direction System (TDS) hosted across compromised domains. These scripts steer users toward scam pages connected to cybercriminal affiliate networks like VexTrio.

VexTrio, which is one of the largest of its kind, uses DNS tricks, traffic systems, and algorithm-generated domains to distribute malware and fraudulent content. The attacks begin with injecting dynamic scripts into WordPress sites, often using ad networks such as PropellerAds to profit from hijacked traffic.

Attackers modify server-side PHP code, insert malicious scripts into plugins, disable security tools, and extract admin credentials to maintain control.

GoDaddy revealed that DollyWay’s TDS infrastructure utilizes thousands of hacked WordPress sites, generating between 9 and 10 million page impressions monthly. The redirect URLs often originate from the LosPollos traffic broker network.
