10,000 sites on the Internet redirect users to porn sites

Information security company researchers wiz reported that since the beginning of September 2022, attackers have hacked about 10,000 websites with a Chinese audience in order to redirect visitors to adult sites.

Large-Scale Campaign Includes Code Injection JavaScript to hacked websites using a connection to the target server using stolen FTP-accounts.

“In many cases, these were strong generated credentials that the attacker somehow obtained earlier,” Wiz experts said.

Because hacked websites, whether owned by small firms or multinational corporations, use different technology stacks and hosts, this makes it difficult to trace the attack vector.

At the same time, the sites have one thing in common – most of them are hosted either in China or in another country, and are intended for Chinese users. Moreover, URLs hosting malicious JavaScript code have geofencingto restrict code execution in some East Asian countries.

The researchers added that the campaign is also targeting Android devices, with a redirect script leading visitors to gambling sites that encourage them to install an app (APK file).

The identity of the attacker is not yet known, and although his exact motives have not yet been established, it is suspected that the purpose of the campaign is ad fraud or driving non-organic traffic to the sites of the attackers. This campaign is also notable for the fact that it does not use phishing, skimming or malware infection.

Wiz is investigating how the hacker gained initial access to so many websites, as well as identifying significant similarities between the affected servers, other than their use of the FTP protocol. According to experts, given the simplicity of the attack, the cybercriminal is unlikely to use the 0-day vulnerability, but this option should not be ruled out.