- TikTok and Instagram Reels Now Used to Target Victims
- “Free” subscriptions to Spotify, Microsoft and Adobe aimed at cash-strapped users
- Social engineering remains the main vector, but basic account security measures do much of the heavy lifting.
A new report from ReversingLabs warns of video doomscrollers spreading on short-form platforms like TikTok and Instagram Reels and infecting users with password-stealing malware.
The videos typically promise free access to subscriptions like Spotify Premium, Windows, Office, and Adobeāan instant, tell-tale sign that things might not be as they seem.
Instead of receiving phishing emails, victims are instructed to open command-line tools like PowerShell, then paste and run the command shown in the video.
Beware of this information-stealing malware
When they execute the command, it triggers the download and installation of malware on the victim’s computer. Vidar, the information thief, targets usernames, passwords, cookies, session tokens, cryptocurrency wallet data, personal files and documents, and other sensitive information.
But most importantly, it marks a significant change: Previously, email phishing campaigns were extremely popular to gain access to victims’ credentials, with a simple click on a link leading to potential disaster. This newer method relies on victims physically entering commands into a tool, which requires more patience.
Ultimately, the attack exploits current economic tensions and the fact that consumers are looking for cheap and free alternatives to popular subscriptions.
“This type of social engineering is an easy way for threat actors to direct social media traffic to a malicious website controlled by the attacker,” the researchers wrote.
Still, the general theme is that social engineering remains the clearest path for attackers to reach victims, and that’s good news because there are many basic principles that potential victims can follow, such as using multi-factor authentication to protect accounts.
In this case it would also be useful to be careful with suspiciously cheap or free products/services and only download software from official providers.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
