AI-Driven TikTok Scam Exploits Users with Infostealing Malware Hidden in Videos

May 26, 2025
  • Cybersecurity researchers at Trend Micro have issued a warning about a new malware campaign targeting TikTok users, in which attackers use AI-generated videos to trick individuals into downloading infostealing malware.

  • The malicious content is delivered both visually and aurally, complicating detection efforts by traditional security solutions.

  • TikTok's algorithm has amplified the reach of these videos, with some accumulating over 500,000 views, thereby increasing the potential impact of the attacks.

  • To protect against these scams, Trend Micro advises users to critically evaluate unsolicited technical instructions and verify the legitimacy of video sources.

  • The report emphasizes the need for security strategies to adapt to the role of social media in malware distribution, advocating for a holistic approach that includes social media monitoring and user education.

  • The malware types involved, Vidar and StealC, are designed to steal sensitive information such as passwords, credit card details, and two-factor authentication codes.

  • This scam marks an evolution in attack methods, embedding malware within PowerShell commands demonstrated in videos, which allows attackers to bypass conventional security measures.

  • These videos often feature convincing visuals and AI-generated voice instructions, making them appear trustworthy and leading users to execute harmful PowerShell commands.

  • One particular video that prompted users to run a PowerShell command drew significant engagement, including over 20,000 likes and numerous comments detailing users' negative experiences.

  • While the exact number of users infected after viewing these videos is unknown, Trend Micro is analyzing the PowerShell scripts used and providing indicators of compromise.

  • The rapid production of AI-generated content allows attackers to effectively target various user segments, facilitating large-scale campaigns rather than isolated incidents.

  • Users are cautioned to avoid running unfamiliar PowerShell commands and refrain from downloading files from unknown URLs to safeguard their systems.

Summary based on 7 sources

