Cybercriminals are using TikTok to trick users into downloading malware, as reported by researchers from Trend Micro, a global cybersecurity firm. They have identified a new type of social engineering scheme that targets TikTok users.
In these videos, which appear to be AI-generated, users are lured with promises of free software like Windows and Microsoft Office, as well as premium features in apps such as CapCut and Spotify.
The scammers instruct viewers to run a simple PowerShell command, disguising it as a way to activate the software.
Unfortunately, by following these instructions, users inadvertently allow malware like Vidar and StealC into their devices. Many of these deceptive videos have garnered hundreds of thousands of views.
PowerShell commands are brief lines of code meant to perform tasks on your computer, so it’s crucial to be cautious about any commands or software links encountered on TikTok.
According to Trend Micro, this campaign involves attackers using TikTok videos to verbally guide users into executing harmful commands on their own devices.
The manipulation happens directly in the video, rather than through hidden code or scripts. Since there is no malicious code on the platform itself, existing security measures struggle to detect or block these threats.
The attackers rely on visual and audio instructions, making it harder for security systems to identify and combat these scams.
While TikTok did not provide comments on this specific threat, the company confirmed that the accounts involved in this scheme have been shut down. Users can find more information about scams and phishing attempts at the TikTok Safety Center.
Other Stories You May Like