AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
Essential information
- Published
- 27/03/2026 19:58
- Modified
- 27/03/2026 20:01
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- aitm aura stealer bianlian cloudflare turnstile credential theft phishing social engineering stealc svg malware tiktok vidar
- Tags
- 2026-03-27 aitm aura stealer bianlian cloudflare turnstile credential-theft phishing social engineering stealc svg malware tiktok vidar
- Related entities
- 10 indicators, 10 observables, 10 techniques (mitre), 13 others
Description
A new phishing campaign is targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. The attackers employ Cloudflare Turnstile to evade detection and create convincing lookalike pages impersonating TikTok for Business or Google Careers. Victims are tricked into clicking malicious links, leading to credential theft. The campaign aims to seize control of business accounts, which can be used for malvertising and malware distribution. Multiple domains are involved in hosting the phishing pages. Additionally, a separate campaign using SVG file attachments to deliver malware has been observed in Venezuela, with potential links to BianLian ransomware activity.