Researchers have found that several US universities’ websites, including those of Stanford, MIT, Berkeley, UMass Amherst, Northeastern and Caltech, have been compromised and are hosting Fortnite and gift card spam. According to BleepingComputer, the campaign is currently active and has also targeted other university websites, as well as some government sites.
Malicious sub-domains purportedly uploaded by spammers that use TWiki or MediaWiki lure users to visit fake sites that offer free gift cards, cheats and Fortnite Bucks. These fake domains ask for user credentials or prompt them to complete bogus surveys in exchange for gift cards.
Europa.eu, a job search portal that allows prospective European residents to upload their CVs and cover letters as PDFs, was also found to have been abused by spammers. It’s unclear how the threat actors uploaded spam pages and PDFs to the legitimate organizations’ websites.
Although MediaWiki released a security update last month to fix multiple vulnerabilities in the platform, none of these appear to be directly relevant to the ongoing malicious campaign.
BleepingComputer is continuing its investigation to determine the root cause of the issue, while sysadmins using MediaWiki and TWiki have been advised to sweep their websites for spam and malicious content, particularly those containing keywords such as “gift card” and “Fortnite.”
Users have also been cautioned against clicking on suspicious links within the compromised wiki pages.
