Cybercriminals are sneakily attacking government and education websites all over the world. They are using an old editing tool that has not been updated for 14 years to manipulate search results and lead unsuspecting users to harmful websites or scams.
This trick uses “open redirects,” a flaw in which a website forwards users to whatever destination a link or URL parameter names, without checking that the destination is one the site intended. Hackers use these redirects to trick users into visiting fake sites or downloading malware.
The tricky thing is that these redirect links carry the domain of a trusted site, which makes it tough for security filters and users to spot them. Even popular search engines like Google can list these malicious links in their search results, making it easier for hackers to deceive users.
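To make the open-redirect flaw concrete, here is an added example (not code from the article or from FCKeditor) showing the unsafe pattern beside a hardened redirect check. It assumes a hypothetical site at `www.example.edu` that only ever wants to redirect users to its own hosts; the allowed-host list, the `next` parameter name and all test URLs are assumptions constructed for the example.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical site origin and the only hosts it should ever redirect to (assumed for this example).
SITE_ORIGIN = "https://www.example.edu"
ALLOWED_HOSTS = {"www.example.edu", "library.example.edu"}


def unsafe_redirect_target(next_url: str) -> str:
    """The open-redirect pattern: whatever the ?next= parameter says is used verbatim.

    An attacker can link to https://www.example.edu/login?next=https://evil.example/free-v-bucks
    and the trusted domain forwards the visitor straight to the attacker's page.
    """
    return next_url


def safe_redirect_target(next_url: str, fallback: str = "/") -> str:
    """Return a destination that stays on an allowed host, or the fallback path otherwise."""
    if not next_url:
        return fallback
    # Some browsers treat a backslash like a forward slash, so '/\evil.example'
    # would be read as '//evil.example'. Normalise before parsing.
    candidate = next_url.replace("\\", "/")
    # Resolve relative targets against our own origin. This turns a plain path such as
    # '/courses' into a full URL on our host, and exposes scheme-relative tricks such
    # as '//evil.example', which resolve to another host.
    resolved = urljoin(SITE_ORIGIN + "/", candidate)
    parts = urlsplit(resolved)
    # Reject non-web schemes (javascript:, data:, ...) and anything with embedded credentials,
    # which are common ways to smuggle a foreign destination past naive string checks.
    if parts.scheme not in ("http", "https"):
        return fallback
    if parts.username or parts.password:
        return fallback
    # The decisive check: the parsed hostname must be on the allowlist exactly,
    # so 'www.example.edu.evil.example' is rejected as well.
    if parts.hostname not in ALLOWED_HOSTS:
        return fallback
    return resolved


if __name__ == "__main__":
    # Constructed sample inputs showing which destinations survive the check.
    samples = [
        "/courses/intro",
        "https://library.example.edu/catalog",
        "https://evil.example/free-v-bucks",
        "//evil.example/landing",
        "/\\evil.example",
        "https://www.example.edu@evil.example/",
        "https://www.example.edu.evil.example/",
        "javascript:alert(1)",
    ]
    for s in samples:
        print(f"{s!r:45} -> {safe_redirect_target(s)}")
```

The important design choice is that the check is made on the parsed hostname after resolution against the site's own origin, not on a substring match; a prefix check such as `next_url.startswith("/")` or `"example.edu" in next_url` is exactly what the scheme-relative, backslash and lookalike-domain inputs above are built to slip past.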
The cyber researcher @g0njxa first noticed this campaign when they saw university websites showing up in Google results for searches related to “Free V Bucks,” a currency used in the popular game Fortnite. These attacks mostly aim at schools such as MIT, Columbia University, and others, but they also strike government and company websites.
The hackers are using an old tool called FCKeditor, which was replaced by a newer and safer version called CKEditor over ten years ago. Despite its age, some websites still use FCKeditor, leaving them vulnerable to these attacks.
Clicking on these compromised links can lead users to fake news articles, phishing pages, or other dangerous websites. The companies behind FCKeditor have confirmed that the software is outdated and should no longer be in use, but unfortunately, many websites, including government and university sites, haven’t updated their software.
It is important for organizations to update their software regularly, and to retire components such as FCKeditor that no longer receive updates at all. This helps to protect both themselves and their users from attacks like these. We have seen similar attacks before, where government websites were targeted and used to redirect users to fake adult sites and scams.