Beware TikTok users! Experts issue alarm about malware disseminated by artificial intelligence-generated deceitful videos.
Cybersecurity specialists at Trend Micro have warned of a new malicious campaign on the popular video-sharing platform TikTok, involving AI-generated videos that trick users into installing infostealer malware.
The campaign revolves around deceptive videos demonstrating how to enable premium features in various software, such as Microsoft Office or Spotify. These videos, shared on TikTok where their virality is amplified by the platform's algorithm, urge viewers to execute PowerShell commands that download and install malicious scripts.
In contrast to previous methods, which involved linking directly to malware in video descriptions or comments, this innovative approach allows attackers to bypass most security measures. The resulting Vidar and StealC infostealers are designed to obtain sensitive data, including login credentials, credit card information, cookies, and cryptocurrency wallet data.
One of the involved videos has garnered over half a million views, demonstrating the campaign's success. It is noteworthy that this isn't the first time videos have been used to spread malware, yet this new approach presents a significant departure from prior tactics.
In light of these findings, individuals and businesses are urged to maintain heightened security awareness, particularly in relation to AI-generated content, and to closely monitor suspicious command execution involving PowerShell or other system utilities. Behavioral detection tools and updated user education are also vital defensive measures.
For secure password and data management, consider Keeper, a renowned cybersecurity platform offering features like zero-knowledge encryption, two-factor authentication, dark web monitoring, secure file storage, and breach alerts.
Sources: [1] Trend Micro, [2] Bleeping Computer, [4] Data Breach Today, [5] ComputerWeekly
- The alarming surge in cyberattacks on social-media platforms, such as TikTok, necessitates a focus on cybersecurity technology to safeguard against malicious campaigns, like the current one using AI-generated content to install infostealers.
- As evidenced by the recent TikTok campaign involving AI-generated videos, entertainment and general-news platforms are no longer safe havens from crime-and-justice threats like malware propagation.
- The increasing use of technology in propagating malware, such as the AI-generated videos on TikTok, highlights the need for ongoing user education and defense mechanisms, including behavioral detection tools, to counter these sophisticated threats.
