21 June 2024
USA University websites are serving Fortnite spam

Security researchers have found multiple USA university websites are serving Fortnite spam. 

The targeted sites were running either TWiki or MediaWiki, both wiki applications used to run collaboration platforms, knowledge or document management systems, knowledge bases or team portals.

BleepingComputer confirmed the malicious campaign was live, and had targeted additional scholastic websites including that of the University of Michigan.

The campaign was first spotted by Twitter user gonjxa, who found over a dozen university sub-domains running the spam.

These wiki pages, purportedly uploaded by spammers, lure readers into visiting bogus sites that claim to be offering ‘free gift cards,’ ‘Fortnite Bucks,’ and cheats, among other digital artifacts.

The sites go a step further and also act as phishing pages that can steal a visitor’s Fortnite login credentials by presenting a fake login form.

Although the malicious campaign has primarily targeted university websites built with MediaWiki, it seems some government websites were also hit by the same threat actors.

The affected government sites include mini-websites hosted by the Brazilian state government as well as the EU’s europa.eu domain. In the latter’s case, the spammers appear to be targeting the Europass e-Portfolio service, which allows European residents to create and upload CVs and cover letters in PDF format.

Last month, MediaWiki released security updates fixing multiple vulnerabilities in the platform but none seem directly relevant to the ongoing malicious campaign.

In the meantime, system admins of the affected sites are advised to sweep their websites for spam and malicious content, especially resources or assets containing keywords like ‘gift card’, ‘Fortnite’ and the like.

Users are also advised to pay attention to any pages they come across on the impacted sites and not to visit any such websites.
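For MediaWiki admins, the keyword sweep described above can be run offline against an XML page export. The following is an added example, not code from the article or from MediaWiki: the hostname wiki.example.edu, the function names and the sample export are constructed, and the keyword list is the one the article gives.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

KEYWORDS = ("gift card", "fortnite")   # keywords named in the article; extend as needed
OWN_HOSTS = {"wiki.example.edu"}       # assumption: hostnames that belong to the site
# Let "gift card" also match "gift-cards", "giftcard" and "GIFT  CARD".
PATTERNS = {k: re.compile(r"[\s\-_]*".join(map(re.escape, k.split())), re.I)
            for k in KEYWORDS}
URL_RE = re.compile(r"https?://[^\s\[\]|<>\"']+", re.I)

def local(tag):
    """Drop the XML namespace so any export schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def scan_export(xml_text):
    """Return keyword-matching pages; pages that link off-site sort first."""
    findings = []
    for page in (e for e in ET.fromstring(xml_text).iter() if local(e.tag) == "page"):
        f = {local(e.tag): (e.text or "") for e in page.iter()}
        body = f.get("title", "") + "\n" + f.get("text", "")
        hits = sorted(k for k, p in PATTERNS.items() if p.search(body))
        if not hits:
            continue
        hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
        findings.append({
            "title": f.get("title", ""),
            "editor": f.get("username") or f.get("ip", ""),
            "keywords": hits,
            "external_hosts": sorted(h for h in hosts if h and h not in OWN_HOSTS),
        })
    return sorted(findings, key=lambda x: not x["external_hosts"])

# Constructed sample in the MediaWiki export layout (not real data).
SAMPLE_EXPORT = """<mediawiki xmlns="http://www.mediawiki.org/xml/export-0.10/">
<page><title>Free Fortnite Bucks generator</title><revision>
<contributor><username>Xk29dj</username></contributor>
<text>Get a free Gift-Card! [https://spam.example.net/claim Click here]</text></revision></page>
<page><title>Course schedule</title><revision>
<contributor><username>Registrar</username></contributor>
<text>Lectures start in September. See [https://wiki.example.edu/Rooms rooms].</text></revision></page>
<page><title>Bookstore FAQ</title><revision>
<contributor><ip>203.0.113.7</ip></contributor>
<text>The campus bookstore sells gift cards.</text></revision></page>
</mediawiki>"""

if __name__ == "__main__":
    print(*scan_export(SAMPLE_EXPORT), sep="\n")
```

The third sample page is a legitimate keyword match with no off-site links, which is why findings with external hosts are listed first for review.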
