Criminals are aiming to steal Fortnite user accounts, and is using websites belonging to American universities to do so.
A new report from BleepingComputer claims to have found an ongoing phishing campaign leveraging compromised websites belonging to Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, and other universities.
Tipped off by Twitter user g0njxa, the publication says that there are multiple websites, powered by TWiki or MediaWiki (content management systems and web app platforms), that are hosting Fortnite and gift card spam sites.
No free lunch
Apparently, someone managed to compromise these websites and upload wiki pages that promote fake websites that offer free gift cards and free Fortnite in-game currency, among other things.
Visitors that click the links promoted on these pages will see a login form mimicking Fortnite. Should they try to enter their credentials, they’d give them directly to the attackers.
“Are you an avid Fortnite player looking for the most efficient way to get your hands on V Bucks? If so, you’ve come to the right place!” one of the malicious (opens in new tab) pages reads.
Besides university sites, some government websites were also abused for the same purpose, the publication claims, mentioning mini-sites hosted by a Brazilian state government, as well as European Union’s Europa.eu. In the latter’s case, the Europass e-Portfolio service (a job search portal) seems to have been leveraged.
Aside from BleepingComputer, no cybersecurity researchers have yet joined the investigation, it seems. At the moment, we don’t know who is behind the attack, or if they used any malware, or leveraged any zero-day vulnerabilities, to compromise these websites. The publication says that MediaWiki released security updates last month, but none of those addressed this campaign.
System admins operating MediaWiki and TWiki sites should run a search on their sites for malicious content such as “gift card”, “Fortnite”, and similar.
Via: BleepingComputer (opens in new tab)