TikTok videos + ClickFix tactic = Malware infection
Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned.
The videos are getting published by a number of TikTok user accounts, seem AI-made, and are apparently attracting a large audience.
“The videos [verbally] instruct viewers to run a sequence of commands to purportedly activate legitimate software, such as Windows OS, Microsoft Office, CapCut, and Spotify,” the researchers noted.
“The social engineering occurs within the video itself, rather than through detectable code or scripts. There is no malicious code present on the platform for security solutions to analyze or block. All actionable content is delivered visually and aurally.”
One particular video has been viewed, liked, and bookmarked by tens of thousands of users, and viewed by nearly half a million:
TikTok video using ClickFix (Source: Trend Micro)
How many users actually followed the instructions is impossible to tell, but those who did have run a PowerShell command that downloads and executes a remote script that downloads either the Vidar or StealC malware, launches it, and downloads an additional script that assures the threat’s persistence on the machine.
Advice for organizations
“This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware,” the researchers said, and noted that traditional security controls can’t do much against attacks that exploit user trust.
Organizations should invest in training employees to strengthen their awareness about social engineering attacks and techniques, including the many variants of the ClickFix tactic.
They should also monitor user behavior to spot anomalous activities such as the use of PowerShell, direct downloads from unknown URLs, unauthorized creation of folders, or modifications in security settings, Trend Micro advised.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!