Baby, wake up – a new form of social engineering has just fallen.
Researchers at global cybersecurity firm Trend Micro said cybercriminals on Tiktok are using videos to lure users to download malware. The researchers say this is a “new social engineering campaign” aimed at leveraging Tiktok users.
In videos that are likely to be AI-generated, users promise free versions of Windows and Microsoft Office software or access to quality features in applications like Capcut and Spotify. Cybercriminals say all you have to do is execute simple PowerShell commands. People are following the instructions in the Tiktok video because they are masked as software activation steps, which are then used by bad participants to inject into malware, such as Vidar, and steal it into the user’s system. According to Wandering Computer, many videos have hundreds of thousands of views.
Mixable light speed
PowerShell commands are short lines of code that perform tasks on the device and you should be very suspicious of any commands or software links found on Tiktok.
“In this campaign, the attacker is using Tiktok videos to verbally instruct users to execute malicious commands on their own systems,” Trend Micro explained in a report on the attack. “Social engineering occurs inside the video itself, not through detectable code or scripts. There is no malicious code on the platform for security solutions to be analyzed or blocked. All viable content is delivered visually and audibly. Threatening actors try to evade existing detection mechanisms, making it harder for defenders to detect and disrupt these activities.”
Tiktok declined to comment on the particular threat, but the company confirmed to Mashable that the activity-related accounts have been deactivated. Tiktok users can also learn more about scams and phishing attempts at the Tiktok Security Center.
theme
Artificial Intelligence Tiktok
