Exploitation of TikTok business accounts is on the rise as cybercriminals employ adversary-in-the-middle (AitM) phishing pages to compromise accounts on these social media platforms, according to a report from Push Security. Business accounts, like TikTok for Business, are particularly attractive to attackers because of their potential for malvertising and malware distribution. TikTok has historically been abused to distribute malicious content, making it a well-known vector for threat actors looking to reach large audiences quickly.
Push Security Reports a New Wave of AitM Phishing Campaigns
Push Security has identified that cybercriminals are incorporating adversary-in-the-middle (AitM) phishing pages to infiltrate TikTok for Business accounts. These phishing campaigns are carefully designed to deceive users into unknowingly surrendering sensitive credentials, thereby granting unauthorized access to malicious actors. What makes AitM phishing particularly dangerous is its ability to intercept authentication sessions in real time, allowing attackers to bypass conventional security measures, including multi-factor authentication (MFA).
Unlike traditional phishing attacks that simply harvest credentials, AitM techniques position the attacker between the victim and the legitimate service. This allows the threat actor to capture session cookies and authentication tokens as they are generated, rendering even strong MFA protections ineffective in many cases.
Business Accounts Are a High-Value Target
Business accounts linked to social media platforms such as TikTok are high-value targets for threat actors. Once compromised, these accounts can be manipulated to facilitate malvertising campaigns or to propagate malware directly to a platform’s user base.
The misuse of TikTok for Business accounts carries serious consequences. The platform has previously been exploited to distribute harmful software and unwanted content, which only increases its attractiveness as a target for cybercriminals seeking to maximize the reach of their campaigns.
Malvertising Puts Audiences at Risk
The appeal of hijacking TikTok business accounts lies in their ability to reach a vast audience rapidly. Malvertising, the practice of embedding malicious code within online advertisements, can redirect viewers to dangerous websites or trick them into downloading malware disguised as legitimate software. When threat actors gain control of a verified business account, they inherit its established audience and credibility, making malicious content far more convincing to unsuspecting users.
The use of AitM phishing techniques that circumvent standard security protections like MFA makes these accounts even more vulnerable than many organizations may realize. Security teams that rely solely on MFA as a defense may find it insufficient against this class of attack.
Stronger Security Practices Are Necessary
The growing threat facing TikTok business accounts underscores the broader risks associated with managing sensitive data and advertising budgets through social media platforms. Cybersecurity professionals recommend implementing robust access control policies and conducting regular audits of account activity to detect unauthorized changes early.
Business users should remain alert to unusual login activity, unexpected changes to account settings, or unauthorized ad spend, all of which can be indicators of a compromised account. Continuous monitoring, employee security awareness training, and phishing-resistant authentication methods are among the most effective defenses against AitM-style attacks.
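The three indicators above (a session used from somewhere other than where it was established, which is what a cookie captured by an AitM proxy looks like when replayed; changes to sensitive account settings; and spend above the approved budget) can be checked mechanically over an account audit trail. The following is an added example, not code from Push Security or TikTok; the event format, field names and sample events are constructed for illustration.

```python
"""Score audit events for the account-compromise indicators described above.
Event schema (ts, type, session, ip, ua, field, amount) is an assumption made
for this example; map your platform's export onto it before use."""
from collections import defaultdict

# Constructed sample audit trail (not real data). Timestamps are epoch seconds.
EVENTS = [
    {"ts": 1000, "type": "login", "session": "s1", "ip": "203.0.113.5", "ua": "Chrome/124"},
    {"ts": 1060, "type": "ad_spend", "session": "s1", "amount": 200},
    # Same session cookie presented from a different address and client:
    # consistent with a token relayed through a phishing proxy and replayed.
    {"ts": 1300, "type": "session_use", "session": "s1", "ip": "198.51.100.9", "ua": "curl/8.4"},
    {"ts": 1320, "type": "settings_change", "session": "s1", "field": "payment_method"},
    {"ts": 1400, "type": "ad_spend", "session": "s1", "amount": 9500},
    {"ts": 2000, "type": "login", "session": "s2", "ip": "203.0.113.5", "ua": "Chrome/124"},
    {"ts": 2100, "type": "ad_spend", "session": "s2", "amount": 150},
]

# Settings whose change should always be reviewed, regardless of session state.
SENSITIVE_FIELDS = {"payment_method", "email", "admin_users"}


def detect(events, budget):
    """Return (session, kind, detail) alerts; `budget` is the approved spend per session."""
    origin = {}              # session -> (ip, ua) observed at login
    foreign = set()          # sessions later presented from a different origin
    spend = defaultdict(int)
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        s = e["session"]
        if e["type"] == "login":
            origin[s] = (e["ip"], e["ua"])
        elif e["type"] == "session_use":
            if s in origin and origin[s] != (e["ip"], e["ua"]):
                foreign.add(s)
                alerts.append((s, "session_replay",
                               f"created from {origin[s][0]}, reused from {e['ip']} ({e['ua']})"))
        elif e["type"] == "settings_change" and e["field"] in SENSITIVE_FIELDS:
            suffix = " after foreign-origin session use" if s in foreign else ""
            alerts.append((s, "settings_change", f"{e['field']} changed{suffix}"))
        elif e["type"] == "ad_spend":
            spend[s] += e["amount"]
            if spend[s] > budget:
                alerts.append((s, "overspend", f"{spend[s]} exceeds approved {budget}"))
    return alerts


if __name__ == "__main__":
    for session, kind, detail in detect(EVENTS, budget=1000):
        print(f"[{kind}] {session}: {detail}")
```

Session s1 produces all three alert kinds; s2, which stays on its login origin and within budget, produces none.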
While cybersecurity tools and detection methods continue to develop, the threat from organized cybercriminal campaigns targeting business accounts on platforms like TikTok remains persistent. Organizations that take a proactive approach to account security will be far better positioned to avoid becoming the next victim of these targeted phishing operations.
