Don't scam yourself on TikTok in the New Year

Now that Santa is on vacation, the hackers are back and at it again.

This time, they're using TikTok to trick and trap you into hacking your own PC, giving the bad guys full, back-door access to your systems. Here's how it the scheme works:

1. You or someone on your network might be lured in by an easy TikTok video tutorial promising free activation of paid software such as Photoshop, Microsoft Office or AutoCAD, or popular games like Grand Theft Auto and Minecraft.
   

2. As a part of the instructions, you'll manually type and run a displayed command in an administrative PowerShell console.
   

3. This command will not activate the software, but instead quietly download and execute a malicious payload, giving the bad guys full, back-door access to your system and network.
   

And, just like that, you hacked yourself.

The Takeaway

This newly discovered hack deploys AuraStealer malware that uses a combination of techniques to hide its presence and bypass modern security detection tools. It's designed to smash and grab crypto wallets and steal usernames and passwords stored in applications and web browsers. Yikes!

Here's the simplest way to avoid becoming a victim: Tell your friends, family and staff that getting paid software for free usually means that you are inviting hackers into your computer and office network.

We can only fight cybercrime if we stay calm, use common sense and work together.

Stay safe out there.

-Attila

PS. Episode 16 of the CyberSecured Podcast is now available, where we talk about the anatomy of ransomware. Check it out on every platform you get your podcasts or at Cypac.com.