• Fri. May 24th, 2024

Hackers Exploit University Websites: MediaWiki and TWiki Infected with Fortnite Spam

Avatar photo

ByHarper Stewart

May 15, 2023
Hackers Exploit University Websites: MediaWiki and TWiki Infected with Fortnite Spam
Harper Stewart
Latest posts by Harper Stewart (see all)

Numerous American institutions’ websites are distributing Fortnite and “gift card” spam.

Several prestigious academic institutions, including Stanford, Northeastern, Caltech, and others, have reportedly been affected by a malware campaign, as per investigators’ findings. Additionally, the University of Michigan’s website was also targeted in this attack. BleepingComputer reports that this campaign is still ongoing.

Hacking campaigns target university Wikis

Numerous sub-domains serving Fortnite spam and linked to prominent American universities were discovered by Twitter user g0njxa this week.

These websites seem to be powered by either TWiki or MediaWiki, the latter of which is a content management system that is also used by Wikipedia and other Wikimedia websites.

These wiki articles, believed to have been uploaded by spammers, entice visitors to visit fake websites that offer “free gift cards,” “Fortnite Bucks,” and other digital items in exchange for their information.

The phony Fortnite sites hosted by these domains, however, are phishing forms that ask users for their login credentials.

According to BleepingComputer, some of these websites entice users with the offer of gift cards in exchange for filling out fake surveys.

The abuse of Europa’s Europass

The cybercriminals behind the malicious campaign targeting MediaWiki-based academic websites also appear to have targeted several government websites. Among the affected websites was Europa.eu, as well as microsites managed by a state government in Brazil.

In the case of Europa.eu, it appears that the spammers have misused the Europass e-Portfolio service, a job search tool that enables users to create and upload their CVs and cover letters as PDFs. This has led to the posting of spam pages and PDF documents on the website.

It isn’t yet clear how the threat actors were able to exploit the websites of reputable organizations to post spam content. Further investigation is needed to identify the methods used and to prevent similar attacks from happening in the future.

BleepingComputer is still looking into what’s causing the problem

To ensure the safety and security of their websites, system administrators for MediaWiki and TWiki are strongly recommended to conduct a thorough check for spam and other potentially harmful materials. As a precautionary measure, users should also avoid clicking on any links that appear dubious or suspicious on hacked Wiki pages.

Avatar photo

Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.