Numerous American institutions’ websites are distributing Fortnite and “gift card” spam.
Several prestigious academic institutions, including Stanford, Northeastern, Caltech, and others, have reportedly been affected by a malware campaign, as per investigators’ findings. Additionally, the University of Michigan’s website was also targeted in this attack. BleepingComputer reports that this campaign is still ongoing.
Hacking campaigns target university Wikis
Numerous sub-domains serving Fortnite spam and linked to prominent American universities were discovered by Twitter user g0njxa this week.
These websites seem to be powered by either TWiki or MediaWiki, the latter of which is a content management system that is also used by Wikipedia and other Wikimedia websites.
These wiki articles, believed to have been uploaded by spammers, entice visitors to visit fake websites that offer “free gift cards,” “Fortnite Bucks,” and other digital items in exchange for their information.
The phony Fortnite sites hosted by these domains, however, are phishing forms that ask users for their login credentials.
According to BleepingComputer, some of these websites entice users with the offer of gift cards in exchange for filling out fake surveys.
The abuse of Europa’s Europass
The cybercriminals behind the malicious campaign targeting MediaWiki-based academic websites also appear to have targeted several government websites. Among the affected websites was Europa.eu, as well as microsites managed by a state government in Brazil.
In the case of Europa.eu, it appears that the spammers have misused the Europass e-Portfolio service, a job search tool that enables users to create and upload their CVs and cover letters as PDFs. This has led to the posting of spam pages and PDF documents on the website.
It isn’t yet clear how the threat actors were able to exploit the websites of reputable organizations to post spam content. Further investigation is needed to identify the methods used and to prevent similar attacks from happening in the future.
BleepingComputer is still looking into what’s causing the problem
To ensure the safety and security of their websites, system administrators for MediaWiki and TWiki are strongly recommended to conduct a thorough check for spam and other potentially harmful materials. As a precautionary measure, users should also avoid clicking on any links that appear dubious or suspicious on hacked Wiki pages.