OC
英语轻松读发新版了,欢迎下载、更新

TikTok fans beware - experts warn dangerous malware spread by AI fake videos

2025-05-26 15:22:00 英文原文

作者:Sead FadilpašićSocial Links Navigation

A person holding out their hand with a digital AI symbol.
(Image credit: Shutterstock / LookerStudio)
  • Trend Micro saw a new malware campaign on TikTok
  • The videos demonstrate how to activate "premium" features in different software
  • The clips were AI-generated and trick the victims into downloading infostealers

Hackers are posting AI-generated videos on TikTok to trick users into downloading infostealing malware, cybersecurity researchers Trend Micro have warned.

The premise is simple: the attackers use AI to generate numerous videos demonstrating how to easily “activate” Windows and Microsoft Office, or enable “premium features” in apps such as Spotify or CapCut.

They then share these videos on TikTok, whose algorithm makes it more likely to turn the video viral, making the success of the attack more likely.

A new spin on old tricks

In the clip, a person is shown bringing up the Run program on Windows, and then executing a PowerShell command.

While in the video the command results in the activation of special features, in reality, users running the command would download a malicious script which, in turn, deploys Vidar and StealC infostealers.

These infostealers can take screenshots, steal login credentials, grab credit card data, exfiltrate cookies, cryptocurrency wallet information, 2FA codes, and more.

"This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps. TikTok's algorithmic reach increases the likelihood of widespread exposure, with one video reaching more than half a million views," Trend Micro said.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

"The videos are highly similar, with only minor differences in camera angles and the download URLs used by PowerShell to fetch the payload," the researchers added.

"These suggest that the videos were likely created through automation. The instructional voice also appears AI-generated, reinforcing the likelihood that AI tools are being used to produce these videos."

One of the videos has roughly 500,000 views, more than 20,000 likes, and more than 100 comments, making it quite successful.

Videos were being used to deliver malware in the past, too, but this new campaign is a significant departure from earlier methods.

The difference is that before, the link to the malware was shared in the video’s description, or comment, where it could still be picked up by security solutions. By delivering the bait in a video format, the attackers successfully bypass almost all security measures.

Via BleepingComputer

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

关于《TikTok fans beware - experts warn dangerous malware spread by AI fake videos》的评论

暂无评论

发表评论



摘要

Trend Micro warns of a new malware campaign on TikTok where hackers post AI-generated videos tricking users into downloading infostealing malware. The videos falsely claim to activate premium features in software like Windows, Microsoft Office, or Spotify by executing PowerShell commands that actually deploy malware such as Vidar and StealC, capable of stealing various sensitive data. The use of AI to generate highly similar but subtly different videos maximizes the chance of going viral due to TikTok’s algorithm, making these attacks more successful than previous methods.

相关新闻

相关讨论