AI TikTok Videos Promising Free Spotify And Windows Subscriptions Install Malware Instead

In recent months, a wave of short promotional videos has swept across TikTok, amassing millions of views and luring in unsuspecting users with promises of free premium subscriptions and features for popular apps like Microsoft Windows, Office 365, and Spotify Premium. However, these videos are actually a clever ruse designed to trick people into downloading malware that can steal their personal data.

The scammers behind the operation have created a series of ten-second promotional videos featuring identical AI-generated voices and nearly identical camera angles. The videos promise that all it takes is a simple command typed into the PowerShell command-line tool in Windows, allowing users to unlock premium features without paying a dime. However, this is simply a ruse – running the command downloads and installs malware that can pilfer sensitive information such as personal documents, cryptocurrency, social media logins, and more.

According to cybersecurity researchers at Trend Micro, who discovered the attack, traditional security tools will likely struggle to detect and block the malware. The reason is that it's not being delivered via an email attachment or software exploit, but rather through a cleverly designed phishing tactic that exploits people's desire for freebies.

"There is no malicious code present on the platform for security solutions to analyze or block," said Junestherry Dela Cruz, a researcher at Trend Micro. "All actionable content is delivered visually and aurally." In other words, the malware is designed to evade detection by traditional security tools and blend in seamlessly with legitimate content.

TikTok has since removed all accounts flagged as malicious by cybersecurity researchers, but declined to provide further details on the incident. While it's impossible to determine exactly how many people followed the videos' instructions, it's clear that they were widely viewed on TikTok – one video promising to "boost your Spotify experience instantly" reached over half a million views, while two other accounts amassed almost 1 million views with their respective videos.

But what's worrying is that these videos have already left a trail of destruction in their wake. One viewer asked if the video was safe after watching it, and received a heart-wrenching response from another user who claimed that running the code had wiped their hard drive clean. Another user reported that all their social media accounts had been hacked as a result.

The incident serves as a stark reminder of the dangers of social engineering and the importance of staying vigilant when it comes to online security. As cybersecurity researcher Junestherry Dela Cruz warned, "We must be aware of these types of attacks and educate ourselves on how to protect ourselves against them."