- Trend Micro saw a new malware campaign on TikTok
- The videos demonstrate how to activate "premium" features in different software
- The clips were AI-generated and trick the victims into downloading infostealers
Hackers are posting AI-generated videos on TikTok to trick users into downloading infostealing malware, cybersecurity researchers Trend Micro have warned.
The premise is simple: the attackers use AI to generate numerous videos demonstrating how to easily “activate” Windows and Microsoft Office, or enable “premium features” in apps such as Spotify or CapCut.
They then share these videos on TikTok, whose algorithm makes it more likely to turn the video viral, making the success of the attack more likely.
A new spin on old tricks
In the clip, a person is shown bringing up the Run program on Windows, and then executing a PowerShell command.
While in the video the command results in the activation of special features, in reality, users running the command would download a malicious script which, in turn, deploys Vidar and StealC infostealers.
These infostealers can take screenshots, steal login credentials, grab credit card data, exfiltrate cookies, cryptocurrency wallet information, 2FA codes, and more.
"This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps. TikTok's algorithmic reach increases the likelihood of widespread exposure, with one video reaching more than half a million views," Trend Micro said.
"The videos are highly similar, with only minor differences in camera angles and the download URLs used by PowerShell to fetch the payload," the researchers added.
"These suggest that the videos were likely created through automation. The instructional voice also appears AI-generated, reinforcing the likelihood that AI tools are being used to produce these videos."
One of the videos has roughly 500,000 views, more than 20,000 likes, and more than 100 comments, making it quite successful.
Videos were being used to deliver malware in the past, too, but this new campaign is a significant departure from earlier methods.
The difference is that before, the link to the malware was shared in the video’s description, or comment, where it could still be picked up by security solutions. By delivering the bait in a video format, the attackers successfully bypass almost all security measures.
Via BleepingComputer
You might also like
- YouTubers targeted by blackmail campaign to promote malware on their channels
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
