TikTok videos are being used to trick people into installing dangerous malware on their computers. Trend Micro found that cybercriminals are making videos that tell viewers to run PowerShell commands. They say these commands will activate software like Windows, Microsoft Office, CapCut, and Spotify.
But the commands actually download malware called Vidar and StealC. The videos look like they were made using AI. They have similar camera angles and AI-generated voiceovers.
One video about “boosting your Spotify experience” got almost 500,000 views. It tells people to run a command that installs the malware. Vidar and StealC are information stealers.
They can take screenshots, steal passwords, credit card numbers, files, and more.
Tiktok videos trick users to install malware
The malware also adds a registry key so it runs automatically when the computer starts up.
This kind of attack is called ClickFix. It uses fake error messages or verification systems to trick people into running bad scripts. Even government-backed hacker groups have used ClickFix attacks for spying.
TikTok has been used to spread malware before. Criminals have taken advantage of popular TikTok trends and posted fake cryptocurrency giveaways. Some of these videos got over a million views.
To stay safe, be very careful about running commands from videos or unfamiliar websites. Keep your antivirus software up to date. And do not enter sensitive information like passwords into programs you do not trust.
A seasoned technology executive with a proven record of developing and executing innovative strategies to scale high-growth SaaS platforms and enterprise solutions. As a hands-on CTO and systems architect, he combines technical excellence with visionary leadership to drive organizational success.
