AitM phishing attacks on TikTok business accounts use Cloudflare Turnstile Evasion.

Threat actors are using adversary-in-the-middle (AitM) phishing pages to take over TikTok for Business accounts This article explores malicious svgs used. . Bad actors can use business accounts on social media sites to spread malware and malvertising, making them a very attractive target.

The first step in the campaign is to trick victims into clicking on a bad link that takes them to either a page that looks like TikTok or a page that looks like Google Careers. Sublime Security warned about a previous version of this credential phishing campaign in October 2025. In that version, emails pretending to be outreach messages were used as a social engineering tactic.

As another campaign has been seen using Scalable Vector Graphics (SVG) file attachments to send malware to targets in Venezuela, this news comes out. WatchGuard said, "This campaign is a strong reminder that even file types that seem harmless, like SVGs, can be used to deliver serious threats." The company said in a statement, "In this case, malicious SVGs were used to start a phishing chain that led to the delivery of malware linked to BianLian activity."

Watch Guard said, "When you open these bad SVGs, they connect to a URL that downloads the bad artifact."