CyberSecurity news

FlagThis

info@thehackernews.com (The@The Hacker News //
A concerning trend has emerged on TikTok where cybercriminals are exploiting the platform's widespread reach through AI-generated videos to distribute malware. These deceptive videos lure users into executing malicious PowerShell commands under the guise of providing instructions for software activation or unlocking premium features for applications like Windows, Microsoft Office, Spotify, and CapCut. Trend Micro researchers discovered that these videos, often featuring AI-generated voices and visuals, instruct viewers to run specific commands that ultimately download and install information-stealing malware such as Vidar and StealC.

One notable example highlighted by researchers involves a TikTok video claiming to offer instant Spotify enhancements, which amassed nearly half a million views along with a significant number of likes and comments. However, instead of delivering the promised benefits, the command provided in the video downloads a remote script that installs Vidar or StealC malware, executing it as a hidden process with elevated system privileges. These infostealers are designed to harvest sensitive information, including credentials, browser sessions, and cryptocurrency wallets, posing a substantial risk to unsuspecting users who fall victim to this social-engineering attack.

Security experts warn that these attacks are leveraging the "ClickFix" technique and using AI to generate convincing "how-to" videos. By exploiting the trust users place in video tutorials and the desire for free software or features, cybercriminals are effectively tricking individuals into infecting their own systems. Once active, the malware connects to command-and-control (C&C) servers to exfiltrate stolen data. Vidar employs stealthy tactics, utilizing platforms like Steam and Telegram as Dead Drop Resolvers to hide C&C details, while StealC uses direct IP connections. Users are urged to exercise caution and verify the legitimacy of instructions before running any commands provided in online videos.
Original img attribution: https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEja2r9zRT1B3kFXRsqAisBS-0xUmK3YyCkdyP1Muj-TRAwew5chCVK8C3NPWUgbCk9UdkfeIKxlzpQEPJgIvf3U_NlrdH4Q018ciwNINW2hcFzvIworPsoNICvc4KJRuo9TMX7SrAWXSzD6gjursrImyZgBc4n8nHTk5ucJGRBFbJ1R3nVifkP48O2L4mz2/s728-rw-e365/cc.jpg
ImgSrc: blogger.googleu

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • CyberInsider: AI-Generated Videos on TikTok Push Vidar and StealC Infostealers
  • Virus Bulletin: Trend Micro researcher Junestherry Dela Cruz describes a TikTok campaign that uses possibly AI-generated videos to lure victims into executing PowerShell commands that lead to Vidar and StealC information stealers.
  • BleepingComputer: TikTok videos now push infostealer malware in ClickFix attacks
  • Help Net Security: TikTok videos + ClickFix tactic = Malware infection
  • bsky.app: Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks.
  • The Hacker News: The malware known as Latrodectus has become the latest to embrace the widely-used social engineering technique called ClickFix as a distribution vector.
  • securityonline.info: Trend Micro reveals a growing threat on TikTok, where AI-generated videos deceive users into running malicious PowerShell commands
  • Thomas Fox-Brewster: Forbes discusses AI TikTok Videos Promising Free Spotify And Windows Subscriptions Trick Users Into Installing Malware Instead.
  • bsky.app: Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks.
  • www.scworld.com: Infostealer deployed via TikTok videos
  • bsky.app: Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks.
  • TARNKAPPE.INFO: ClickFix-Malware über TikTok: Mit viralen TikTok-Videos als Trojanischem Pferd starten Cyberkriminelle neue Angriffswellen.
  • bsky.app: BleepingComputer reports Cybercriminals are using TikTok videos to trick users into infecting themselves with Vidar and StealC information-stealing malware in ClickFix attacks.
  • www.sentinelone.com: SentinelOne's Mary Braden Murphy shows how ClickFix is weaponizing verification fatigue to deliver RATs & infostealers. Tricking victims into infecting themselves in this manner has proven highly effective, with threat actors increasingly folding this technique into their playbook.
  • The DefendOps Diaries: Unmasking ClickFix: The New Cyber Threat on TikTok
  • securityaffairs.com: Fake software activation videos on TikTok spread Vidar, StealC.
  • The Hacker News: Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
  • ciso2ciso.com: Fake software activation videos on TikTok spread Vidar, StealC – Source: securityaffairs.com
  • www.techradar.com: Cybercriminals are using AI to generate convincing "how-to" videos.
  • PCMag UK security: Warning: AI-Generated TikTok Videos Want to Trick You Into Installing Malware
  • Threats | CyberScoop: Mandiant flags fake AI video generators laced with malware
  • Threats | CyberScoop: Mandiant flags fake AI video generators laced with malware
  • Virus Bulletin: Google Mandiant Threat Defense investigates a UNC6032 campaign that exploits interest in AI tools. UNC6032 utilizes fake “AI video generator†websites to deliver malware leading to the deployment of Python-based infostealers and several backdoors.
  • cloud.google.com: Google Mandiant Threat Defense investigates a UNC6032 campaign that exploits interest in AI tools. UNC6032 utilizes fake “AI video generator†websites to deliver malware leading to the deployment of Python-based infostealers and several backdoors.
  • hackread.com: Mandiant Threat Defense uncovers a campaign where Vietnam-based group UNC6032 tricks users with malicious social media ads for…
  • Malwarebytes: Cybercriminals are using text-to-video-AI tools to lure victims to fake websites that deliver malware like infostealers and Trojans.
Classification: