U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Fake software activation videos on TikTok spread Vidar, StealC

Crooks use TikTok videos with fake tips to trick users into running commands that install Vidar and StealC malware in ClickFix attacks. Cybercriminals leverage AI-generated TikTok videos in ClickFix attacks to spread Vidar and StealC malware, reports Trend Micro. These videos trick users into running PowerShell commands disguised as software activation steps for tools like […]

TikTok

Crooks use TikTok videos with fake tips to trick users into running commands that install Vidar and StealC malware in ClickFix attacks.

Cybercriminals leverage AI-generated TikTok videos in ClickFix attacks to spread Vidar and StealC malware, reports Trend Micro. These videos trick users into running PowerShell commands disguised as software activation steps for tools like Windows, Office, CapCut, or Spotify. The researchers pointed out that come videos have reached over 500,000 views, increasing the threat’s reach via TikTok’s algorithm.

“Threat actors are now using TikTok videos that are potentially generated using AI-powered tools to socially engineer users into executing PowerShell commands under the guise of guiding them to activate legitimate software or unlock premium features.” reads the report published by Trend Micro. “This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware.”

Researchers discovered several TikTok accounts, now deactivated, posting the likely AI-generated videos. The videos are nearly identical, suggesting automated creation using AI for both visuals and voice, and were used to distribute malware payloads.

A TikTok video urging users to run a PowerShell command gained nearly 500,000 views, 20,000+ likes, and 100+ comments, showing high engagement and trust.

TikTok

The video provides step-by-step instructions to run a PowerShell command that downloads malware. The script adds Windows Defender exclusions, downloads and runs Vidar or StealC malware, sets up persistence via the registry, and deletes traces, all while appearing simple and legitimate to users.

Vidar and StealC malware connect to command-and-control (C&C) servers after infection. Vidar uses legitimate services like Steam and Telegram as Dead Drop Resolvers (DDR) to hide C&C details, embedding server info in public profiles to avoid detection. StealC uses direct IP connections. This method helps threat actors obscure infrastructure and maintain persistence while reducing visibility to security tools.

TikTok

“The shift to social media as a delivery mechanism for malware requires a corresponding reassessment in defense strategies. Traditional security controls that focus on malicious code detection, link scanning, and domain reputation are less effective against attacks that exploit user trust and obscure malicious intent.” concludes the report. “Security strategies must adopt a more holistic approach that includes social media monitoring, behavioral analysis, and targeted user education.” 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ClickFix)