A massive cyberattack has infected more than 150,000 websites with a stealthy JavaScript malware campaign designed to redirect users to Chinese-language gambling platforms. Cybersecurity experts have dubbed the operation a “Digital Dragon Trap,” referencing both its origin and aggressive expansion across the web.
First discovered in February 2025 with roughly 35,000 sites affected, the campaign has since quadrupled in scale. The malware operates by injecting obfuscated JavaScript code into legitimate websites, turning them into silent redirectors. Once activated, the code hijacks users’ browsers, displaying full-page overlays or redirecting them to betting pages under the “Kaiyun” brand—often impersonating trusted platforms like Bet365 with cloned visuals and logos.
These attacks primarily target Chinese-speaking audiences in regions such as mainland China, Hong Kong, and overseas Chinese communities in the United States. The attackers even block IPs from non-targeted regions to avoid scrutiny and detection.
Europe’s Online Casino Boom Fuels €5 Billion Fraud Epidemic
The malicious code is often hidden behind complex encoding techniques and hosted on domains like zuizhongyj[.]com, making it hard for administrators to detect. Victims are usually unaware their websites are compromised until user complaints or security audits reveal the issue.
Security professionals advise website owners to act swiftly:
- Review source code and look for unfamiliar <script> tags.
- Implement strong Content Security Policies (CSPs).
- Block malicious domains at the DNS level.
- Monitor for unauthorized changes in CMS templates or themes.
This cyber campaign underscores a growing trend: the use of client-side attacks to exploit legitimate platforms for illicit online gambling promotions. As attackers grow more sophisticated, experts urge tighter website security and stronger international cooperation to stop similar Asia-based digital threats.
