Security researchers from different organizations; The US government has revealed that many websites that seem to be reliable belonging to universities and official organizations have been hacked and used for fraudulent purposes.
According to the report published by Wired, scams that hide behind domain names such as “.gov” and “.org” targeted children through popular games such as Fortnite and Roblox. Scammers tried to trick children into downloading apps and malware and sharing personal information in exchange for non-existent rewards.
Targeting children through “Toxic PDFs”
Reportedly going on for five years, the scams top out when users search for things like free skins or in-game currency for Fortnite, Roblox, and other popular online games. These results lead to malicious PDFs that, when clicked, ask for personal information or app downloads.
Security researcher Zach Edwards, who defines such PDFs as “toxic PDFs”, says that when clicking on these files, which says that they win a free prize in a game, users are first directed to different sites and finally to the page requested by the scammers. In this process, information such as user name and operating system is requested and no reward is received no matter what is done. Edwards adds that scammers can make money when people are redirected to this maze of pages and eventually download an app or enter their information.
The researchers found that these PDFs appearing in search results were infected with many domain names such as “.gov” and “.org” that make them appear as safe sites. For example, one of these agencies was the New York State Department of Financial Services. WIRED stated that it was contacted this week and the PDFs were removed.
Epic Games and Roblox warn users that they do not allow such use of in-game content
The malicious PDFs were associated with servers owned by an advertising company registered in the USA called CPABuild. When searching about this company name, it was reported that YouTube tutorials for making quick money are often encountered with free in-game content. When WIRED tried to contact emails on the site, it did not get any response.
Epic Games, the company behind Fortnite, stated that there is no legitimate way for players to sell, trade or gift V-Bucks (in-game currency). Roblox developers, on the other hand, warned that they do not allow the exchange of in-game content through third parties, and that pages that offer them for free may be fraudulent.
45673
