AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion

A new phishing campaign is targeting TikTok for Business accounts using adversary-in-the-middle (AitM) techniques. The attackers employ Cloudflare Turnstile to evade detection and create convincing lookalike pages impersonating TikTok for Business or Google Careers. Victims are tricked into clicking malicious links, leading to credential theft. The campaign aims to seize control of business accounts, which can be used for malvertising and malware distribution. Multiple domains are involved in hosting the phishing pages. Additionally, a separate campaign using SVG file attachments to deliver malware has been observed in Venezuela, with potential links to BianLian ransomware activity.

Pulse ID: 69c6d346df59de3f16b61387
Pulse Link: https://otx.alienvault.com/pulse/69c6d346df59de3f16b61387
Pulse Author: AlienVault
Created: 2026-03-27 18:58:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AdversaryInTheMiddle #AitM #BianLian #Cloud #CyberSecurity #Google #InfoSec #Malvertising #Malware #OTX #OpenThreatExchange #Phishing #RAT #RansomWare #SVG #bot #AlienVault
