AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

March 27, 2026, 8:01 p.m.

Description

A new phishing campaign is targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. The attackers employ Cloudflare Turnstile to evade detection and create convincing lookalike pages impersonating TikTok for Business or Google Careers. Victims are tricked into clicking malicious links, leading to credential theft. The campaign aims to seize control of business accounts, which can be used for malvertising and malware distribution. Multiple domains are involved in hosting the phishing pages. Additionally, a separate campaign using SVG file attachments to deliver malware has been observed in Venezuela, with potential links to BianLian ransomware activity.

External References

https://thehackernews.com/2026/03/aitm-phishing-targets-tiktok-business.html
https://otx.alienvault.com/pulse/69c6d346df59de3f16b61387
Tags
phishing
social engineering
aitm
credential theft
vidar
bianlian
stealc
cloudflare turnstile
2026-03-27
aura stealer
svg malware
tiktok

Date

  • Created: March 27, 2026, 6:58 p.m.
  • Published: March 27, 2026, 6:58 p.m.
  • Modified: March 27, 2026, 8:01 p.m.

Attack Patterns

Additional Informations

  • Technology
  • Media
  • welcome.careerstransform.com
  • welcome.careerscrews.com
  • welcome.careersstaffgrid.com
  • welcome.careersgrower.com
  • welcome.careersprogress.com
  • welcome.careerssuccess.com
  • welcome.careersupskill.com
  • welcome.careersworkflow.com
  • welcome.careersengage.com
  • welcome.careerstaffer.com
  • Venezuela, Bolivarian Republic of