Cybersecurity researchers have identified a new phishing operation targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. According to a recent analysis by Push Security, these accounts are valuable targets due to their potential for misuse in malvertising and malware distribution.
Exploiting TikTok’s Popularity
Push Security has highlighted that TikTok has been misused in the past for spreading malicious links and executing social engineering attacks. Notably, this includes the dissemination of various infostealers like Vidar, StealC, and Aura Stealer. These threats have been delivered through AI-generated videos that pretend to be activation guides for popular software such as Windows, Spotify, and CapCut.
The phishing campaign employs deceptive tactics, enticing users to click on links that lead either to a fake TikTok for Business site or a fraudulent Google Careers page. These pages may also offer users the option to schedule a call, furthering the illusion of legitimacy.
Cloudflare Turnstile Evasion
Despite the varying designs of these phishing pages, their objective remains consistent: to bypass security measures by utilizing a Cloudflare Turnstile check. This step is crucial as it prevents automated systems from detecting the malicious content of the pages, ultimately leading victims to a login page meant to capture their credentials.
The campaign employs several domains to host these phishing pages, including:
- welcome.careerscrews[.]com
- welcome.careerstaffer[.]com
- welcome.careersworkflow[.]com
- welcome.careerstransform[.]com
- welcome.careersupskill[.]com
SVG Files as a Threat Vector
In a related development, WatchGuard has reported another phishing operation leveraging Scalable Vector Graphics (SVG) files to spread malware, particularly targeting users in Venezuela. The SVG files, disguised as invoices or budgets, contain URLs that download malicious software.
These files exploit ja.cat to shorten URLs from legitimate domains with vulnerabilities, allowing redirection to harmful websites. The resultant malware, written in Go, shares similarities with the BianLian ransomware previously identified by SecurityScorecard in early 2024.
This ongoing campaign underlines the need for vigilance, as even seemingly benign file types like SVGs can introduce significant cybersecurity risks. The deceptive use of SVG attachments in phishing emails highlights the evolving tactics of cybercriminals.
As digital threats become more sophisticated, organizations and individuals must remain alert to protect against these advanced phishing schemes that seek to compromise personal and business data.
