New AitM phishing campaign targets TikTok for Business and uses Cloudflare Turnstile to stay hidden
AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion
TL;DR
Threat actors are running Adversary-in-the-Middle (AitM) phishing campaigns to hijack "TikTok for Business" accounts. By using Cloudflare Turnstile to block security scanners and by impersonating well-known sites such as Google Careers, these attackers bypass conventional defenses to steal credentials (usernames and passwords) and session tokens.
A new wave of sophisticated phishing campaigns is targeting high-value social media accounts. According to a new report from Push Security, threat actors are now using AitM techniques specifically to take over TikTok for Business accounts.
These accounts are a prime target because they provide a powerful platform for malvertising and malware distribution. Once a business account is compromised, the attackers can use it to run fraudulent ad campaigns or push malicious links to a large audience under the cover of a known and trusted brand.
Evolution of the campaign
This is not the first time this threat has surfaced. Sublime Security had already flagged an earlier version of this phishing campaign in October 2025. That version relied on the same social engineering trick, delivered through emails that appeared to come from a professional source.
Historically, TikTok has been a convenient venue for distributing infostealers such as Vidar, StealC, and Aura Stealer. Threat actors have used the "ClickFix" technique and AI-generated videos, posing as activation guides for popular software such as Windows or Spotify, to trick users into infecting their own machines.
Attack method: fake pages and bogus job offers
The new campaign starts with a malicious link crafted to lure victims. Researchers identified two types of lures in use:
- TikTok for Business impersonation: a page that mirrors the official TikTok business portal in every detail.
- Google Careers impersonation: a page built to look like a job opportunity at Google, which even asks victims to "schedule a call" to discuss the position.
Evading detection with Cloudflare Turnstile
One technical detail that sets this campaign apart is its use of Cloudflare Turnstile. Before the phishing page is shown, the victim must pass a CAPTCHA-like challenge.
Although this looks to the user like an ordinary security check, its real purpose is to act as a barrier against security tooling. By requiring this manual interaction, the attackers stop automated bots and security scanners from analyzing the malicious content on the AitM page. Once the victim passes the challenge, they are shown the AitM login page, which is built to capture the username, the password, and even the session cookies in real time.
Known malicious domains
Push Security identified numerous domains linked to this campaign. Most of them contain the word "careers" to reinforce the Google lure:
- welcome.careerscrews[.]com
- welcome.careerstaffer[.]com
- welcome.careersworkflow[.]com
- welcome.careerstransform[.]com
- welcome.careersupskill[.]com
- welcome.careerssuccess[.]com
- welcome.careersstaffgrid[.]com
- welcome.careersprogress[.]com
- welcome.careersgrower[.]com
- welcome.careersengage[.]com
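As an added example (not code from the Push Security report), the following script shows how a defender could match hostnames seen in proxy logs against the published, defanged domain list, and also catch not-yet-listed siblings that follow the same `welcome.careers<word>` naming pattern. The log lines, user names and the `scan_log`/`classify` helpers are constructed for illustration.

```python
# Added example (not from the Push Security report): match hostnames in
# proxy logs against the published (defanged) domain list and against the
# 'welcome.careers<word>' naming pattern. Log lines are constructed.
import re

DEFANGED_IOCS = [  # as published, with bracketed dots
    "welcome.careerscrews[.]com", "welcome.careerstaffer[.]com",
    "welcome.careersworkflow[.]com", "welcome.careerstransform[.]com",
    "welcome.careersupskill[.]com", "welcome.careerssuccess[.]com",
    "welcome.careersstaffgrid[.]com", "welcome.careersprogress[.]com",
    "welcome.careersgrower[.]com", "welcome.careersengage[.]com",
]

def refang(domain: str) -> str:
    """Turn 'example[.]com' back into 'example.com' for matching."""
    return domain.replace("[.]", ".").lower()

KNOWN_BAD = {refang(d) for d in DEFANGED_IOCS}
# Heuristic for not-yet-listed siblings: welcome.careers<label>.<tld>
LOOKALIKE = re.compile(r"^welcome\.careers[a-z0-9-]*\.[a-z]+$")

# Constructed proxy log lines: timestamp user host path
SAMPLE_LOG = """\
2025-11-03T09:14:02Z alice welcome.careersgrower.com /apply
2025-11-03T09:15:10Z bob ads.tiktok.com /business
2025-11-03T09:16:44Z carol welcome.careersnewbrand.com /interview
2025-11-03T09:17:01Z dave careers.google.com /jobs
"""

def classify(host: str) -> str:
    """Return 'known-ioc', 'lookalike', or 'clean' for one hostname."""
    host = host.lower().rstrip(".")
    if host in KNOWN_BAD:
        return "known-ioc"
    if LOOKALIKE.match(host):
        return "lookalike"
    return "clean"

def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (user, host, verdict) for every line that is not clean."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        _ts, user, host, _path = parts[:4]
        verdict = classify(host)
        if verdict != "clean":
            hits.append((user, host, verdict))
    return hits
```

Legitimate hosts such as `careers.google.com` are not flagged because the pattern is anchored on the `welcome.careers` prefix used by the campaign's infrastructure.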
Broader phishing trends: SVG malware in Venezuela
In a separate but related development, WatchGuard researchers uncovered another phishing technique that uses SVG (Scalable Vector Graphics) files.
These campaigns target users in Venezuela with SVG attachments disguised as invoices or receipts. When opened, the files connect to a remote URL to download malware written in Go. Notably, this malware resembles the BianLian ransomware. The threat actors use URL shorteners (particularly ja.cat) and abuse redirect vulnerabilities on well-known websites to mask the origin of the malware.
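As an added example (not WatchGuard's code), the following checker flags SVG attachments that carry active content or reference a remote URL, the two traits the lure described above relies on. Both sample SVGs and the `svg_findings`/`is_suspicious` helpers are constructed; the URL is a placeholder.

```python
# Added example (not WatchGuard's code): flag SVG attachments that carry
# active content or reference a remote URL, the two traits of the lure
# described above. Both sample SVGs are constructed; the URL is a placeholder.
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
REMOTE_PREFIXES = ("http:", "https:", "//")

def _local(name: str) -> str:
    """Strip an XML namespace prefix like '{http://...}' from a tag or attribute."""
    return name.rsplit("}", 1)[-1]

def svg_findings(svg_bytes: bytes) -> list[str]:
    """Return reasons an SVG looks suspicious; an empty list means none found."""
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"unparseable: {exc}"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag).lower()
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, val in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                findings.append(f"event handler {name} on <{tag}>")
            elif name == "href" and val.strip().lower().startswith(REMOTE_PREFIXES):
                findings.append(f"remote reference {val.strip()}")
    return findings

def is_suspicious(svg_bytes: bytes) -> bool:
    """True when an attachment should be quarantined for analyst review."""
    return bool(svg_findings(svg_bytes))

# Constructed samples: a plain drawing and an invoice-themed lure.
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10"><rect width="10" height="10"/></svg>'
LURE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
            b'<text y="20">Factura #0001</text>'
            b'<a xlink:href="https://example.invalid/placeholder"><text y="40">Descargar</text></a>'
            b'<script>/* placeholder */</script></svg>')
```

A mail gateway rule that routes any attachment with a non-empty findings list to quarantine catches this lure family without needing the exact shortener or download URL.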
Conclusion
This shift to AitM attacks, and the use of legitimate services such as Cloudflare Turnstile to hide malicious scripts, shows that phishing operations have become far more sophisticated. For companies, a compromised TikTok account is more than a social media headache: it is a platform for large-scale malware distribution. Organizations are advised to monitor the domains listed above and to warn their employees about advanced social engineering, including lures that appear to come from trusted places such as Google Careers.
Source: The Hacker News - AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion