Just as Google announced Chrome would let you change compromised passwords automatically, we learned of another huge login credentials dump that made its way online. Over 184 million accounts were exposed online.
Plenty of people have been the victims of this attack, and there might be even more in the future. Their computers might be running some form of infostealer malware that can steal sensitive data, including usernames and passwords.
It's paramount to avoid downloading shady content from the web or opening attachments from untrusted senders on your computer. Similarly, you might want to avoid installing apps from unofficial sources on any of your electronic devices.
It turns out that even if you do all that, you might not be safe. Some hackers figured out a way to use AI-generated videos on TikTok to install infostealers on Windows 11 PCs, and their method is absolutely brilliant. The AI didn't create the malware; it just narrates instructions in clips, which will convince users to download the malware themselves.
The attack was found by Trend Micro (via Infosecurity Magazine), and it's super simple to implement if you're the hacker.
All you have to do is create a free, faceless TikTok account and then use AI to generate videos with spoken content for your channel.
Those videos will be tutorials that people often seek online to fix certain problems. But instead of Windows 11 fixes, the clips will tell you how to activate Windows, Microsoft Office, or Spotify on your machine. That is, the user would want to activate pirated software on their devices, and they'll follow the instructions in the clip.
What's brilliant about the attack is that the AI was probably not used to make malware. While it's technically possible to do that, it's probably very difficult. Most AI programs have guardrails that will prevent them from helping. But AI programs will certainly speak any text you give them, including instructions to download malware.
Also, the TikTok clips do not feature download links or any text that would allow the built-in safety tools that TikTok employs to automatically detect and potentially ban the malicious TikTok accounts spreading malware.
Instead, the AI gives the user all the steps they need to follow to obtain the desired effect. They'll think they're activating their software, but they'll be downloading the malware the hackers want to deploy on Windows 11 machines.
The malware is an infostealer such as Vidar or StealC. These programs extract sensitive information from Windows PCs, including login data and crypto wallets.
Also, the malware installs itself and hides so it can survive on Windows machines for as long as possible. Even if you suspect something is wrong, you might not be able to fix it yourself.
Back to the way the TikTok scam works, if these malware tutorial videos posing as legitimate clips go viral on the platform, the TikTok algorithms might increase their visibility. Again, TikTok has no way to automatically find and remove a video without any text.
For example, the security firm found that one of the malicious clips it analyzed reached 500,000 views. It's unclear how many people would have followed the instructions, but I wouldn't be surprised if plenty of them did it.
Trend Micro found various TikTok accounts spreading malware by having the users install it themselves directly from the source. However, the use of AI to craft videos for social media platforms with relative ease means the attackers only have to create new clips and new accounts to continue the scam. They might also want to spread their clips to other social platforms that lack the tech to autodetect such scams.
To stay safe, you should avoid such clips from shady sources. Also, don't follow instructions in clips blindly. Use an AI program to understand what those instructions might do to your machine. And maybe don't look for instructions on how to use pirated software.
If you think you've been affected, you might want to look for help from security companies. You'll want to find the malware infection, remove it from the system, and then change all your passwords. You'll also want to ensure the hackers did not steal money in any way.
With AI only getting better, such scams won't disappear from the web anytime soon. But Microsoft might develop Windows security features that can warn users not to proceed with suspicious download links they might have typed in PowerShell. Social networks might also want to tighten their security to detect malicious clips soon after they've been uploaded to the platform and remove them.
You'll find the detailed security report, complete with screenshots of the malicious TikTok accounts, at this link.