Phishing Attacks Leverage TikTok, Instagram Reels

Description

Threat actors are exploiting short-form video platforms like TikTok and Instagram Reels to conduct social engineering attacks. Two distinct campaign methods have been identified: professional-looking fake tutorials with AI-generated voiceovers promising free premium software, and casual videos showcasing premium features to generate engagement through comments. Both approaches direct victims to malicious websites hosting infostealer malware, particularly Vidarstealer. The campaigns leverage platform algorithms through high engagement rates including saves, shares, and comments. Attackers use multiple accounts with Windows-themed branding and manipulate PowerShell commands to download malicious executables. These techniques are difficult to counter as creators can delete warning comments and platform reporting mechanisms prove ineffective. The attacks target non-technical users seeking free access to premium services like Spotify, Microsoft Office, and other software, making social media feeds an emerging p...