Skip to content

University sites targeted to serve Fortnite spam via Wiki apps

  • by
  • 3 min read

Security researchers have found multiple US university websites, including MIT, Stanford, Amherst and Caltech among others to be serving Fortnite and gift card spam. The targeted sites were running on either TWiki or MediaWiki, both being Wiki applications that are used to run collaboration platforms, knowledge or document management systems, knowledge bases or team portals. The former also powers Wikipedia and multiple Wikimedia websites. 

The campaign was first spotted by Twitter user gonjxa who spotted over a dozen university sub-domains running the spam and was later confirmed by BleepingComputer. The fake wiki pages are likely uploaded by the spammers and lure readers into visiting fake websites that claim to offer free gift cards and Fortnite V-Bucks among other items such as cheats and digital collectables. 

The sites go a step further and also act as phishing pages that can steal a visitor’s Fortnite login credentials by presenting a fake login form. Where Fortnite isn’t involved, the sites claim to offer free gift cards for Roblox, Google Play, PlayStation, Xbox, Amazon, iTunes, Nintendo Switch and Best Buy among other services in exchange for completing surveys. 

As for the campaign itself, it extends beyond university websites based on the aforementioned platforms and also targets some government websites, including mini-websites hosted by the Brazilian state government as well as the EU’s europa.eu domain. In the former’s case, the spammers appear to be targeting the Europass e-Portfolio service. The e-Portfolio service allows European residents to create and upload CVs and cover letters in PDF format. 

A fake wiki page on MIT’s domain.

The identity of the threat actors and the exploit they’re using is unknown at the time of writing. MediaWiki released security updates in March fixing multiple vulnerabilities in their platform. However, either the affected sites weren’t patched or the particular exploit being abused wasn’t on the MediaWiki team’s radar. 

In the meantime, system admins of the affected sites are advised to sweep their websites for spam and malicious content, especially with resources or assets containing keywords like “gift card”, ‘Fortnite’ and their likes. Users are also advised to pay attention to any pages they come across on the impacted sites and not to visit any such websites. 

In the News: Misconfigured ICICI Bank cloud storage leaked 3.6 million records

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>