
"TikTok has been historically abused to distribute malicious links and social engineering instructions, including multiple infostealers like Vidar, StealC, and Aura Stealer delivered via ClickFix-style instructions with AI-generated videos posed as activation guides for Windows, Spotify, and CapCut."
"The campaign begins with tricking victims into clicking on a malicious link that directs them to either a lookalike page impersonating TikTok for Business or a page that's designed to impersonate Google Careers, along with an option to schedule a call to discuss the opportunity."
"Regardless of the type of page served, the end goal is the same: perform a Cloudflare Turnstile check to block bots and automated scanners from analyzing the contents of the page and serve a malicious AitM phishing page login page that's designed to steal their credentials."
Adversary-in-the-middle phishing pages are being used to take control of TikTok for Business accounts. Business accounts are attractive targets for bad actors due to their potential for malvertising and malware distribution. Victims are tricked into clicking malicious links that lead to impersonated TikTok for Business or Google Careers pages. The phishing pages perform a Cloudflare Turnstile check to evade detection and steal credentials. Multiple domains host these phishing pages, and a related campaign using SVG file attachments to deliver malware has also been noted.
Read at The Hacker News