Threat actors have leveraged TikTok videos to spread malware in a new twist to the ClickFix attack technique, according to Cybernews.Targets have been lured into downloading and executing malware via spurious software activation guides and tutorials on TikTok, reported security consultant and blogger Xavier Mertens in a post on the SANS Technology Institute's Internet Storm Center.In a video purporting to assist in free Photoshop activation, attackers lured targets into running a command on PowerShell as admin, which is followed by the downloading of a next-stage executable that is Aura Stealer, said Mertens, who observed a handful of popular TikTok videos that allowed such a malware delivery scheme.Aura Stealer could enable credential exfiltration across all browsers, browser extensions, and applications, as well as two-factor authentication tools."Attackers are everywhere! They try to abuse victims using new communication channels and social engineering techniques!" said Mertens.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds