TikTok for Business accounts targeted in new phishing campaign

Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages.

TikTok Business accounts may be targeted due to their high potential for abuse in malvertising campaigns, ad fraud, and the distribution of malicious content.

Browser threat detection and response company Push Security links the campaign to one documented last year, which targeted Google Ad Manager accounts.

TikTok has previously been used to spread information-stealing malware via malicious videos, as well as cryptocurrency scams via fake promotions. TikTok for Business accounts are ideal for such purposes due to their increased reach and perceived legitimacy.

In a report shared with BleepingComputer, Push Security says that victims are lured to Cloudflare-hosted phishing pages registered on March 24 via NiceNIC, a registrar that cybersecurity researchers have frequently reported as being used for cybercriminal activity.

Push Security could not determine the initial delivery mechanism, but believes that the threat actor uses a method similar to the one observed in activity reported by Sublime Security.

The initial link redirects via a legitimate Google Storage URL, blocks bots using a Cloudflare Turnstile check, and then redirects to the malicious pages.

The domains feature similar names and are all hosted on the same Google Storage bucket.

The malicious pages impersonate TikTok for Business and Google Careers “Schedule a Call” pages, requesting visitors to enter basic information in a form to validate they’re using a business email address.
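As an added example (not code from Push Security's report), the following Python triage helper checks a recorded redirect chain against the flow described above: a hop through a legitimate Google Storage URL, a page that loads the Cloudflare Turnstile widget, and a final landing page on a brand lookalike domain. The sample chains, bucket name, domains and script URL are constructed, and the Turnstile script host and the brand-owned domain lists are assumptions.

```python
"""Flag redirect chains that match the reported TikTok for Business phishing flow.
A chain is a list of hops in visit order; each hop is {"url": ..., "scripts": [...]},
as a URL sandbox or proxy log might record them (constructed sample data below)."""
from urllib.parse import urlparse

GOOGLE_STORAGE_HOSTS = {"storage.googleapis.com"}           # legitimate redirect host
TURNSTILE_HOST = "challenges.cloudflare.com"                # Turnstile widget host (assumption)
# Brands the landing pages impersonate, with domains the brand legitimately owns.
# googleapis.com is listed so a plain Google Storage download is not itself a lookalike.
BRAND_DOMAINS = {
    "tiktok": {"tiktok.com", "tiktokcdn.com"},
    "google": {"google.com", "googleapis.com", "withgoogle.com"},
}

def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def owned_by(host: str, domains: set) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)

def lookalike_brand(host: str):
    """Brand whose name appears in the host while the host is not under that brand's domains."""
    for brand, domains in BRAND_DOMAINS.items():
        if brand in host and not owned_by(host, domains):
            return brand
    return None

def analyze_chain(hops: list) -> list:
    """Return the campaign indicators observed, in the order they were encountered."""
    seen = []
    for hop in hops:
        host = host_of(hop["url"])
        if owned_by(host, GOOGLE_STORAGE_HOSTS) and "google_storage_redirect" not in seen:
            seen.append("google_storage_redirect")
        if any(host_of(s) == TURNSTILE_HOST for s in hop.get("scripts", [])):
            if "turnstile_gate" not in seen:
                seen.append("turnstile_gate")
    brand = lookalike_brand(host_of(hops[-1]["url"])) if hops else None
    if brand:
        seen.append("lookalike:" + brand)
    return seen

def matches_campaign(hops: list) -> bool:
    """True when all three stages appear and the Google Storage hop precedes the bot check."""
    ind = analyze_chain(hops)
    if "google_storage_redirect" not in ind or "turnstile_gate" not in ind:
        return False
    ordered = ind.index("google_storage_redirect") < ind.index("turnstile_gate")
    return ordered and any(i.startswith("lookalike:") for i in ind)

# Constructed sample chains (not real indicators).
PHISH_CHAIN = [
    {"url": "https://storage.googleapis.com/example-bucket/go.html", "scripts": []},
    {"url": "https://verify-tiktokbusiness.example/check",
     "scripts": ["https://challenges.cloudflare.com/turnstile/v0/api.js"]},
    {"url": "https://verify-tiktokbusiness.example/schedule-call", "scripts": []},
]
BENIGN_CHAIN = [
    {"url": "https://ads.tiktok.com/business/",
     "scripts": ["https://challenges.cloudflare.com/turnstile/v0/api.js"]},
]
```

A Turnstile challenge on its own is normal and carries no weight here; only the combination of stages, in the reported order, is treated as a match.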
