In recent months, a bevy of ten-second promotional videos have spread across TikTok, amassing millions of views. They purport to offer an easy way to unlock paid-for subscriptions or features for major apps like Microsoft Windows, Office365 and Spotify Premium: a simple prompt typed into the PowerShell command-line tool in Windows.
But that command doesn’t unlock any premium services. Instead, it downloads and installs malware designed to pilfer all manner of private information from an infected PC — personal documents, cryptocurrency, social media logins. And the cybersecurity researcher at Trend Micro who discovered the attack told Forbes traditional security tools will likely miss it because the malware isn’t being delivered via an email attachment or software exploit. Instead, it’s being unwittingly installed by people looking for a freebie subscription.
“There is no malicious code present on the platform for security solutions to analyze or block,” the company explained in a report on the attack. “All actionable content is delivered visually and aurally.”
Trend Micro researcher Junestherry Dela Cruz told Forbes the company believes the scam is being perpetuated with the help of AI. The videos promoting it all share similar artificial voices, and nearly identical video shots and camera angles.
TikTok told Forbes it had removed all accounts the researchers flagged as malicious, but declined further comment.
While it’s impossible to determine how many people followed the videos’ malware-installing instructions, it’s clear they were widely viewed on TikTok. One video, promising to “boost your Spotify experience instantly,” reached more than half a million views. And a pair of TikTok accounts with 11 videos between them amassed almost 1 million.
In the comments for one video that had generated over 550,000 views, offering pro features in Windows, one viewer asked, “Is this safe?” Their answer came in other comments, where one said their hard drive had been wiped after running the code, while another added, “All my accounts were hacked because of these videos.”