216.73.216.204

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

· Published 27/03/2026 19:58 · Modified 27/03/2026 20:01

Export JSON

Essential information

Published
27/03/2026 19:58
Modified
27/03/2026 20:01
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
aitm aura stealer bianlian cloudflare turnstile credential theft phishing social engineering stealc svg malware tiktok vidar
Tags
2026-03-27 aitm aura stealer bianlian cloudflare turnstile credential-theft phishing social engineering stealc svg malware tiktok vidar
Related entities
10 indicators, 10 observables, 10 techniques (mitre), 13 others

Description

A new campaign is targeting for Business accounts using adversary-in-the-middle () techniques. The attackers employ to evade detection and create convincing lookalike pages impersonating for Business or Google Careers. Victims are tricked into clicking malicious links, leading to . The campaign aims to seize control of business accounts, which can be used for malvertising and malware distribution. Multiple domains are involved in hosting the pages. Additionally, a separate campaign using SVG file attachments to deliver malware has been observed in Venezuela, with potential links to ransomware activity.

External references