Ongoing Scam Tricks Kids Playing Roblox and Fortnite
Freeman writes:
https://arstechnica.com/security/2023/08/ongoing-scam-tricks-kids-playing-roblox-and-fortnite/
Thousands of websites belonging to US government agencies, leading universities, and professional organizations have been hijacked over the last half decade and used to push scammy offers and promotions, new research has found. Many of these scams are aimed at children and attempt to trick them into downloading apps, malware, or submitting personal details in exchange for nonexistent rewards in Fortnite and Roblox.
For more than three years, security researcher Zach Edwards has been tracking these website hijackings and scams. He says the activity can be linked back to the activities of affiliate users of one advertising company. The US-registered company acts as a service that sends web traffic to a range of online advertisers, allowing individuals to sign up and use its systems. However, on any given day, Edwards, a senior manager of threat insights at Human Security, uncovers scores of .gov, .org, and .edu domains being compromised.
[...] The schemes and ways people make money are complex, but each of the websites is hijacked in a similar way. Vulnerabilities or weaknesses in a website's backend, or its content management system, are exploited by attackers who upload malicious PDF files to the website. These documents, which Edwards calls poison PDFs," are designed to show up in search engines and promote free Fortnite skins," generators for Roblox's in-game currency, or cheap streams of Barbie, Oppenheimer, and other popular films.
Read more of this story at SoylentNews.