Close Menu
    Subscribe
    Friday, January 16
    Tech

    TikTok malware scam uses fake software activation guides to steal data

    Justin M. LarsonBy No Comments6 Mins Read


    NEWYou can now listen to Fox News articles!

    Cybercriminals are again turning TikTok into a trap for unsuspecting users. This time, they’re disguising malicious downloads as free activation guides for popular software like Windows, Microsoft 365, Photoshop and even fake versions of Netflix and Spotify Premium.

    Security expert Xavier Mertens first spotted the campaign, confirming that the same kind of scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos show short PowerShell commands and instruct viewers to run them as administrators to “activate” or “fix” their programs.

    In reality, those commands connect to a malicious website and pull in malware known as Aura Stealer, which quietly siphons saved passwords, cookies, cryptocurrency wallets and authentication tokens from the victim’s computer.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    3,000+ YOUTUBE VIDEOS DELIVER MALWARE DISGUISED AS FREE SOFTWARE

    A TikTok video with a Spotify logo

    Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as free activation guides. (Kurt “CyberGuy” Knutsson)

    How the TikTok scam works

    This campaign uses what experts call a ClickFix attack. It’s a social engineering trick that makes victims feel they’re following legitimate tech instructions. The instructions seem quick and simple: run one short command and get instant access to premium software.

    But instead of activating anything, the PowerShell command connects to a remote domain named slmgr[.]win, which downloads harmful executables from Cloudflare-hosted pages. The main file, updater.exe, is a variant of the Aura Stealer malware. Once inside the system, it hunts for your credentials and sends them back to the attacker.

    Another file, source.exe, uses Microsoft’s C# compiler to launch code directly in memory, making it even harder to detect. The purpose of this extra payload isn’t fully known yet, but the pattern follows previous malware used for crypto theft and ransomware delivery.

    META ACCOUNT SUSPENSION SCAM HIDES FILEFIX MALWARE

    Person holding up their phone and accessing TikTok.

    Those short “activation” commands secretly connect to malicious servers that install info-stealing malware like Aura Stealer. (Kurt “CyberGuy” Knutsson)

    How to stay safe from TikTok malware scams

    Even though these scams look convincing, you can avoid becoming a victim with the right precautions.

    1) Avoid shortcuts

    Never copy or run PowerShell commands from TikTok videos or random websites. If something promises free access to premium software, it’s likely a trap.

    2) Use trusted sources

    Always download or activate software directly from the official website or through legitimate app stores.

    3) Keep security tools updated

    Outdated antivirus or browsers can’t detect the latest threats. Update your software regularly to stay protected.

    4) Use strong antivirus software

    Install strong antivirus software that offers real-time scanning and protection against trojans, info-stealers and phishing attempts.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    5) Sign up for a data removal service

    If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help remove sensitive information.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    6) Reset credentials

    If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately. 

    7) Reset passwords

    If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately. Start with your email, financial and social media accounts. Use unique passwords for each site. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    8) Enable multi-factor authentication

    Add an extra layer of security by turning on multi-factor authentication wherever possible. Even if your passwords are stolen, attackers won’t be able to log in without your verification. 

    person looking at apps on phone

    If you’ve followed suspicious steps, change your passwords, enable two-factor authentication, and stay alert for future scams. (Getty Images)

    Kurt’s key takeaways

    TikTok’s global reach makes it a prime target for scams like this. What looks like a helpful hack could end up costing your security, your money, and your peace of mind. Stay alert, trust only verified sources and remember that there’s no such thing as a free activation shortcut.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Is TikTok doing enough to protect its users from scams like this? Let us know by writing to us at Cyberguy.com

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.



    Source link

    Share.

    Related Posts

    Add A Comment
    Leave A Reply

    News

    Company

    Services

    © 2026 The Politics Designed by The Politics.