TikTok malware scam uses fake software activation guides to steal data

by
TikTok malware scam uses fake software activation guides to steal data

NEWNow you can listen to Fox News articles!

Cybercriminals are once again turning TikTok into a trap for unsuspecting users. This time they're in disguise malicious downloads as free activation guides for popular software such as Windows, Microsoft 365, Photoshop, and even fake versions of Netflix and Spotify Premium.

Security expert Xavier Mertens was the first to notice the campaign, confirming that a similar pattern was seen earlier this year. According to BleepingComputer, these fake videos on TikTok Show short PowerShell commands and ask viewers to run them as administrator to “activate” or “fix” their programs.

In reality, these commands connect to a malicious website and download malware known as Aura Stealer, which silently siphons stored passwords, cookies, cryptocurrency wallets, and authentication tokens from the victim's computer.

Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

OVER 3,000 VIDEOS ON YOUTUBE DELIVERY MALWARE DISQUESTED AS FREE SOFTWARE

Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as free activation guides. (Kurt “CyberGuy” Knutsson)

How TikTok Scams Work

This campaign uses what experts call a ClickFix attack. This is a social engineering trick that makes victims feel like they are following legitimate technical instructions. The instructions seem quick and simple: run one short command and get instant access to premium software.

But instead of activating anything, the PowerShell command connects to the remote domain named slmgr.[.]win, which downloads malicious executable files from pages hosted on Cloudflare. The main updater.exe file is a variant of the Aura Stealer malware. Once inside the system, it looks for your credentials and sends them back to the attacker.

Another file, source.exe, uses the Microsoft C# compiler to run code directly in memory, making it even more difficult to detect. The purpose of this additional payload is not yet fully known, but the pattern mirrors previous malware that has been used to steal cryptocurrency and deliver ransomware.

FRAUDULENT META ACCOUNT SUSPENSION HIDES FILEFIX MALWARE

A man holds his phone and logs into TikTok.

These short “activate” commands secretly connect to malicious servers that install information-stealing malware such as Aura Stealer. (Kurt “CyberGuy” Knutsson)

How to Protect Yourself from TikTok Malware Scams

Although these scams look convincing, you can avoid becoming a victim if you take the right precautions.

1) Avoid shortcuts

Never copy or run PowerShell commands from TikTok videos or random websites. If something promises free access to premium software, it's likely a trap.

2) Use trusted sources.

Always download and activate the software directly from the official website or through legitimate app stores.

3) Keep your security tools updated.

Outdated antivirus or browsers cannot detect the latest threats. Update your software regularly to stay protected.

4) Use powerful antivirus software.

Install powerful antivirus software that provides real-time scanning and protection against Trojans, information thieves, and phishing attempts.

The best way to protect yourself from malicious links that install malware and potentially access your personal information is to have strong protection. antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for 2025's top antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com

5) Sign up for a data deletion service

If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help you remove sensitive information.

While no service can guarantee complete removal of your data from the internet, a data removal service is indeed a smart choice. They don't come cheap, and neither does your privacy. These services do all the work for you, actively monitoring and systematically removing your personal information from hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk that scammers will link leaked data to information they can find on the dark web, making it harder for them to target you.

Check out my top data removal services and get a free scan to see if your personal information has already been published online by visiting Cyberguy.com

Get a free scan to see if your personal information has already been published online: Cyberguy.com

6) Reset credentials

If you have ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately.

7) Reset passwords

If you have ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately. Start with your email, financial and social media accounts. Use unique passwords for each site. Consider using a password manager that securely stores and generates complex passwords, reducing the risk of password reuse.

Next, check to see if your email has been compromised in past hacks. Our #1 password manager (see. Cyberguy.com) Pick includes a built-in breach scanner that checks to see if your email address or passwords have been involved in known breaches. If you find a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best password managers of 2025, reviewed by experts, at Cyberguy.com

8) Enable multi-factor authentication.

Add an extra layer of security by enabling multi-factor authentication wherever possible. Even if your passwords are stolen, attackers will not be able to log in without your verification.

man looking at apps on phone

If you've taken suspicious actions, change your passwords, enable two-factor authentication, and be prepared for future scams. (Getty Images)

Kurt's key takeaways

TikTok's global reach makes it a prime target for such scams. What looks like a useful hack could end up costing you your safety, money, and peace of mind. Be careful, trust only trusted sources and remember that there is no such thing as a free activation shortcut.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Is TikTok doing enough to protect its users from such scams? Let us know by writing to us at Cyberguy.com

Subscribe to my FREE CyberGuy Report
Get my best tech tips, breaking security alerts, and exclusive offers straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright CyberGuy.com 2025. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist with a deep love of technology, gear and gadgets that make lives better through his reporting for Fox News and FOX Business, starting with the morning programs “FOX & Friends.” Have a technical question? Get Kurt's free CyberGuy newsletter, share your voice, story idea, or leave a comment on CyberGuy.com.

Leave a Comment

About Us

Orva Insight provides global news on crypto, online money-making, sports (cricket, football, soccer, baseball), live streaming, and premium courses. Stay updated with breaking news, analysis, and insights.

Follow US

PH +1 206 531 3331

24 M Drive
East Hampton, NY 11937

© 2025 INFO

PRIVACY POLICY terms of service