{"id":230256,"date":"2026-03-27T08:03:00","date_gmt":"2026-03-27T12:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/27\/aitm-phishing-targets-tiktok-business-accounts-using-cloudflare-turnstile-evasion\/"},"modified":"2026-04-02T01:10:16","modified_gmt":"2026-04-02T05:10:16","slug":"aitm-phishing-targets-tiktok-business-accounts-using-cloudflare-turnstile-evasion","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/27\/aitm-phishing-targets-tiktok-business-accounts-using-cloudflare-turnstile-evasion\/","title":{"rendered":"AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion"},"content":{"rendered":"

AitM Phishing Targets TikTok Business Accounts Using Cloudflare Turnstile Evasion<\/a><\/p>\n

https:\/\/thehackernews.com\/2026\/03\/aitm-phishing-targets-tiktok-business.html<\/a><\/p>\n

Publish Date: 2026-03-27 08:03:00<\/a><\/p>\n

Source Domain: thehackernews.com<\/a><\/p>\n

\ue804Ravie Lakshmanan<\/span>\ue802Mar 27, 2026<\/span><\/span>Ransomware \/ Malware<\/span><\/p>\n

Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report from Push Security.<\/p>\n

Business accounts associated with social media platforms are a lucrative target, as they can be weaponized by bad actors for malvertising and distributing malware.<\/p>\n

“TikTok has been historically abused to distribute malicious links and social engineering instructions,” Push Security said. “This includes multiple infostealers like Vidar, StealC, and Aura Stealer delivered via ClickFix-style instructions with AI-generated videos posed as activation guides for Windows, Spotify, and CapCut.”<\/p>\n

The campaign begins with tricking victims into clicking on a malicious link that directs them to either a lookalike page impersonating TikTok for Business or a page that’s designed to impersonate Google Careers, along with an option to schedule a call to discuss the opportunity.<\/p>\n

It’s worth noting that a prior iteration of this credential phishing campaign was flagged by Sublime Security in October 2025, with emails masquerading as outreach messages used as a social engineering tactic.<\/p>\n

Regardless of the type of page served, the end goal is the same: perform a Cloudflare Turnstile check to block bots and automated scanners from analyzing the contents of the page and serve a malicious AitM phishing page login page that’s designed to steal their credentials.<\/p>\n

\"\"<\/p>\n

The phishing pages are hosted on the following domains –<\/p>\n