Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages.
TikTok Business accounts may be targeted due to their high potential for abuse in malvertising campaigns, ad fraud, and the distribution of malicious content.
Browser threat detection and response company Push Security links the campaign to one documented last year, which targeted Google Ad Manager accounts.
TikTok has previously been used to spread information-stealing malware via malicious videos, as well as cryptocurrency scams via fake promotions. TikTok for Business accounts are ideal for such purposes due to their increased reach and perceived legitimacy.
In a report shared with BleepingComputer, Push Security says that victims are lured to Cloudflare-hosted phishing pages registered on March 24 via NiceNIC, a registrar often reported by cybersecurity researchers for being used for cybercriminal activities.
Push Security could not determine the initial delivery mechanism, but believes that the threat actor uses a method similar to the one observed in activity reported by Sublime Security.
The initial link redirects via a legitimate Google Storage URL, blocks bots using a Cloudflare Turnstile check, and then redirects to the malicious pages.
The domains feature similar names, and are all hosted on the same Google Storage bucket:
welcome.careerscrews[.]com
welcome.careerstaffer[.]com
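
For defenders, the redirect chain and the naming pattern described above can be hunted in web proxy logs. The following is an added example, not code from Push Security or the article: the log format, the `storage.googleapis.com` host, the lookalike pattern, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Domains exactly as listed in the article (defanged).
ARTICLE_DOMAINS = ["welcome.careerscrews[.]com", "welcome.careerstaffer[.]com"]
# Assumption: the "legitimate Google Storage URL" is served from this host.
STORAGE_HOSTS = {"storage.googleapis.com"}
# Assumption: sibling domains keep the welcome.careers<word>.com shape.
LOOKALIKE = re.compile(r"^welcome\.careers[a-z0-9-]+\.com$")

def refang(indicator):
    """Turn a defanged indicator back into a matchable hostname."""
    return indicator.replace("[.]", ".").lower()

def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is none (e.g. '-')."""
    return (urlsplit(url).hostname or "").lower()

def classify(url, referrer, known):
    """Return a reason string when a request fits the chain, else None."""
    dest = host_of(url)
    if dest in known:
        reason = "listed domain"
    elif LOOKALIKE.match(dest):
        reason = "lookalike domain"
    else:
        return None
    # The Turnstile step may hide the referrer, so it only strengthens a hit.
    via = " via storage redirect" if host_of(referrer) in STORAGE_HOSTS else ""
    return reason + via

def scan(log_lines):
    """log_lines: 'timestamp user url referrer' (referrer '-' when absent)."""
    known = {refang(d) for d in ARTICLE_DOMAINS}
    hits = []
    for line in log_lines:
        ts, user, url, referrer = line.split()
        reason = classify(url, referrer, known)
        if reason:
            hits.append((ts, user, host_of(url), reason))
    return hits

# Constructed sample proxy log lines (not real telemetry).
SAMPLE_LOG = [
    "2025-01-01T09:00:01Z alice https://storage.googleapis.com/example-bucket/index.html -",
    "2025-01-01T09:00:03Z alice https://welcome.careerscrews.com/ https://storage.googleapis.com/example-bucket/index.html",
    "2025-01-01T09:05:00Z bob https://welcome.careers-constructed-sample.com/login -",
    "2025-01-01T09:06:00Z carol https://www.tiktok.com/business/ -",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Lookalike hits are leads for review rather than confirmed indicators, since the pattern is inferred from only the two domains shown.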