236,000 DCloud Uni-App Sites Used in Crypto Scams, Phishing, and Wallet Drainers

A staggering 236,000 websites using DCloud’s Uni-App platform have been compromised in a massive-scale crypto scam and phishing operation, with hackers exploiting vulnerabilities to drain user wallets. The affected sites, which include online shopping platforms, social media outlets, and even charity organizations, are now being used to spread malware, phish sensitive information, and perpetuate wallet draining schemes.

The Uni-App platform is designed to simplify the process of creating mobile applications for web developers. However, it appears that a combination of poor security practices and vulnerabilities in the underlying code have created an environment ripe for exploitation. Hackers are leveraging AI-driven attack tools to identify and target these weaknesses, using them to inject malicious scripts into affected websites.

The compromised sites, which span across multiple industries, are now being used to host fake online stores, phishing pages, and wallet draining operations. These malicious activities are often disguised as legitimate applications or services, making it challenging for users to distinguish between genuine and fake content. In some cases, hackers have even managed to inject malware into the compromised sites, further compromising user data.

The scale of this operation is alarming, with an estimated 236,000 websites affected worldwide. This raises concerns about the security posture of organizations using DCloud’s Uni-App platform. It also highlights the need for businesses and individuals to remain vigilant in the face of emerging threats. As AI-powered attack tools continue to evolve, it’s essential that developers prioritize robust security measures and regularly update their systems to prevent similar vulnerabilities.

The use of AI-driven attack tools is a concerning trend in modern cybersecurity. These sophisticated tools can quickly identify and exploit vulnerabilities, often before they are patched or addressed by the affected organization. As such, it’s crucial for businesses and individuals to adopt proactive security strategies, including regular system updates, vulnerability assessments, and employee education on cybersecurity best practices.

To mitigate the risks associated with software vulnerabilities, it’s essential to implement robust security measures, including multi-factor authentication, encryption, and secure coding practices. Regularly updating systems and dependencies is also critical in preventing exploitation by AI-driven attack tools. By taking these steps, organizations can reduce their exposure to cyber threats and protect user data from malicious activities.


Source: The Hacker News — 2026-06-29