Cybercriminals are now leveraging AI-generated content on TikTok to spread malware and deceive users at scale. According to a recent report by GBHackers, attackers are using highly convincing deepfake-style videos—many of them created with generative AI—to promote fake apps, phishing links, and malicious downloads. The campaign is part of a growing trend where social media is weaponized to deliver advanced threats that traditional security tools often fail to detect.
This strategy is especially dangerous when combined with recent vulnerabilities in core systems. Just days ago, new Linux vulnerabilities capable of leaking password hashes and memory data were disclosed. Meanwhile, a critical zero-day in the Linux SMB module has made servers even more vulnerable to remote exploits. Even though the Linux-libre 6.15 kernel attempts to harden the platform by removing binary blobs, attackers are diversifying their methods. In fact, this isn’t the first time TikTok has been used as an attack vector—check out our earlier coverage of ClickFix-based malware spreading through TikTok videos.