好的,我现在需要帮用户总结一篇文章,控制在100字以内。首先,我得仔细阅读文章内容,抓住主要信息。 文章标题是“New AITM phishing wave hijacks TikTok Business accounts”,看起来是关于新的网络钓鱼攻击针对TikTok商业账户。接着,文章提到攻击者使用AITM钓鱼页面,模仿TikTok和Google的主题,目的是劫持账户用于恶意广告、窃取凭证、传播恶意软件和广告欺诈。 攻击者使用了新注册的域名,通过Cloudflare托管,并且页面有重定向机制,先从合法的Google存储页面跳转到钓鱼页面。用户被要求填写信息后,进入恶意登录页面。此外,攻击者还使用了bot保护来避免被检测到,并通过定向邮件传播。 总结下来,关键点包括:新的AITM钓鱼攻击、针对TikTok商业账户、模仿Google和TikTok页面、劫持账户用于恶意广告和欺诈、使用短命的IoCs来快速更换域名。 现在需要把这些信息浓缩到100字以内。要确保涵盖攻击目标、方法、后果以及技术手段。同时避免使用“这篇文章”或“内容总结”这样的开头。 可能的结构:介绍攻击类型和目标,描述钓鱼手法和后果,最后提到技术手段如短命IoCs。 最终总结可能会是:“新一波AITM网络钓鱼攻击针对TikTok商业账户,利用仿冒页面窃取信息并进行恶意广告和欺诈活动。攻击者通过短命的IoCs快速更换域名以逃避检测。” 检查一下字数是否在限制内,并确保所有关键点都涵盖进去。 </think> 新一波AITM网络钓鱼攻击针对TikTok商业账户,利用仿冒页面窃取信息并进行恶意广告和欺诈活动。攻击者通过短命的IoCs快速更换域名以逃避检测。 2026-3-27 15:23:28 Author: securityaffairs.com(查看原文) 阅读量:1 收藏
New AITM phishing wave hijacks TikTok Business accounts
A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams.
Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous operations. Once compromised, accounts are used to run malicious ads, steal credentials, spread malware, and conduct ad fraud, diverting company advertising budgets for profit.
Attackers used newly registered domains created within seconds and hosted behind Cloudflare. The pages follow a common naming pattern and redirect victims from legitimate services before loading fake TikTok for Business or Google “Schedule a call” pages.
Users are asked to fill in basic details, then shown a malicious login page powered by an AITM phishing kit. The campaign uses bot protection to evade detection and likely spreads via targeted emails, similar to past operations.
“When the link is first clicked, the page is silently redirected from a legitimate Google Storage site before loading the page.” reads the report published by Push Security. “A Cloudflare Turnstile check is used to prevent security bots from analyzing the page, before loading either a TikTok or Google themed page. Progressing through the forms ultimately serves up an AITM phishing page.”
By combining trusted branding, redirects, and layered deception, attackers increase success rates and harvest credentials for further abuse, including account takeover and fraud.
While phishing campaigns usually mimic platforms like Google or Microsoft, targeting TikTok is becoming more common.
The platform has long been used to spread malicious links and social engineering content, including videos that trick users into installing infostealers like Vidar or StealC. It is also widely abused for crypto scams and direct attacks via messages. Gaining access to TikTok business accounts is especially valuable, as they can be used for malvertising and fraud.
Many users log in via Google, meaning a single compromise can expose both TikTok and Google accounts, enabling broader abuse such as ad fraud, data theft, and access to other connected services.
The report also includes Indicators of Compromise (IoCs) for this campaign.
“Short-lived IoCs are of limited value when tackling modern phishing attacks due to the rate at which attackers are able to quickly spin up and rotate the sites used in the attack chain, often dynamically serving different URLs to site visitors.” concludes the report.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, TikTok)
如有侵权请联系:admin#unsafe.sh