- TikTok and Instagram Reels are now being used to target victims
- “Free” Spotify, Microsoft, Adobe subscriptions aimed at cash-strapped users
- Social engineering is still the best vector, but basic account security measures do much of the heavy lifting
A new report from ReversingLabs warns doomscrollers about videos spread across short-form platforms like TikTok and Instagram Reels that infect users with password-stealing malware.
The videos typically promise free access to subscriptions such as Spotify Premium, Windows, Office and Adobe – an immediate sign that things may not be as they seem.
Instead of receiving phishing emails, victims are asked to open command-line tools like PowerShell and then paste and run the command shown in the video.
Beware of this information stealing malware
When they run the command, it triggers a piece of malware to be downloaded and installed on a victim’s computer. Vidar, the info thief, targets usernames, passwords, cookies, session tokens, cryptocurrency wallet data, personal files and documents, and other sensitive information.
But more importantly, it marks a significant change – in the past, email phishing campaigns have been extremely popular for accessing victims’ credentials with a single click of a link leading to potential disaster. This newer method relies on victims physically entering commands into a tool, which requires more patience.
Ultimately, the attack takes advantage of the current economic pressures and the fact that consumers are looking for cheap and free alternatives to popular subscriptions.
“This form of social engineering is an easy way for threat actors to drive traffic away from social media and onto a hacker-controlled malicious website,” the researchers wrote.
Regardless, the overall theme is that social engineering remains the clearest route for attackers to reach victims, and that’s good news because there are many basic principles that victims can follow, such as to use multi-factor authentication to secure accounts.
Being wary of suspiciously cheap or free products/services and only downloading software from official vendors will also help in this case.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
