TikTok fans beware - experts warn dangerous malware spread by AI fake videos

Date:
Mon, 26 May 2025 15:22:00 +0000

Description:
Cybercriminals are using AI to generate convincing "how-to" videos.

FULL STORY ======================================================================Trend Micro saw a new malware campaign on TikTok The videos demonstrate how to activate "premium" features in different software The clips were AI-generated and trick the victims into downloading infostealers

Hackers are posting AI-generated videos on TikTok to trick users into downloading infostealing malware , cybersecurity researchers Trend Micro have warned.

The premise is simple: the attackers use AI to generate numerous videos demonstrating how to easily activate Windows and Microsoft Office, or enable premium features in apps such as Spotify or CapCut.

They then share these videos on TikTok, whose algorithm makes it more likely to turn the video viral, making the success of the attack more likely.

Get Keeper Personal for just $1.67/month, Keeper Family for just
$3.54/month, and Keeper Business for just $7/month

Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts
to protect against cyber threats.

Preferred partner ( What does this mean? ) View Deal A new spin on old
tricks

In the clip, a person is shown bringing up the Run program on Windows, and then executing a PowerShell command.

While in the video the command results in the activation of special features, in reality, users running the command would download a malicious script
which, in turn, deploys Vidar and StealC infostealers.

These infostealers can take screenshots, steal login credentials, grab credit card data, exfiltrate cookies, cryptocurrency wallet information, 2FA codes, and more.

"This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps. TikTok's algorithmic reach increases the likelihood of widespread exposure, with one video reaching more than half a million views," Trend Micro said.

"The videos are highly similar, with only minor differences in camera angles and the download URLs used by PowerShell to fetch the payload," the researchers added.

"These suggest that the videos were likely created through automation. The instructional voice also appears AI-generated, reinforcing the likelihood
that AI tools are being used to produce these videos."

One of the videos has roughly 500,000 views, more than 20,000 likes, and more than 100 comments, making it quite successful.

Videos were being used to deliver malware in the past, too, but this new campaign is a significant departure from earlier methods.

The difference is that before, the link to the malware was shared in the videos description, or comment, where it could still be picked up by security solutions. By delivering the bait in a video format, the attackers successfully bypass almost all security measures.

Via BleepingComputer You might also like YouTubers targeted by blackmail campaign to promote malware on their channels Take a look at our guide to the best authenticator app We've rounded up the best password managers



======================================================================
Link to news story: https://www.techradar.com/pro/security/tiktok-fans-beware-experts-warn-dangero us-malware-spread-by-ai-fake-videos


--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)