A website hijack campaign first detected in February has escalated significantly and now impacts an estimated 150,000 websites. Security analyst Himanshu Anand continues to monitor the attackers' evolving tactics. The core iframe injection technique remains unchanged, but there have been notable UI/UX updates, and the malicious code now uses HTML entity encoding. These adjustments are intended to evade detection mechanisms. Many of the injected pages mimic legitimate betting websites like Bet365, using official logos and branding to deceive users.
According to Anand's latest findings, while the core method of attack remains consistent, the threat actor has introduced several notable changes.
Further analysis has revealed variations in the website hijack attack, with injected scripts and iframes designed to mimic well-known betting sites like Bet365.
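An added detection sketch (not from Anand's analysis or the original article) showing why entity-encoded injections slip past raw string matching and how parsing the page first recovers the real iframe or script source. The sample page, the hostnames and the allowlist are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: the injected tag's src is written with HTML
# character references, so the hostname never appears literally in the source.
ENCODED_SRC = "".join(f"&#{ord(c)};" for c in "https://injected.example/landing")
SAMPLE_PAGE = f"""<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
</head><body>
<p>Welcome</p>
<iframe src="{ENCODED_SRC}"></iframe>
</body></html>"""

# Assumption: hosts this site is expected to load scripts and frames from.
ALLOWED_HOSTS = {"cdn.example.org"}


class EmbedCollector(HTMLParser):
    """Collect src values of script and iframe tags.

    HTMLParser unescapes character references in attribute values, so the
    collected URLs are what a browser would actually request.
    """

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.embeds.append((tag, src.strip()))


def unexpected_embeds(page, allowed_hosts):
    """Return (tag, url) pairs whose host is external and not allowlisted."""
    collector = EmbedCollector()
    collector.feed(page)
    collector.close()
    findings = []
    for tag, url in collector.embeds:
        host = urlparse(url).hostname  # None for relative, same-site URLs
        if host and host not in allowed_hosts:
            findings.append((tag, url))
    return findings
```

Run against stored copies of your own pages, this kind of check flags embeds by decoded destination rather than by literal text in the source.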