AI-Generated TikTok Videos Used to Distribute Infostealer Malware

A new malware campaign has been observed using TikTok’s viral nature and vast user base to spread information-stealing malware such as Vidar and StealC.
According to a new advisory by Trend Micro, this latest social engineering effort marks a shift from traditional malicious tactics, exploiting the platform’s reach and user trust to spread harmful software via seemingly innocuous video content.
TikTok Videos Deliver Malware via PowerShell
Unlike previous campaigns that depended on malicious websites and JavaScript injections, this attack operates entirely within TikTok.
The campaign features short-form videos, likely created with AI tools, that instruct users to execute PowerShell commands. These commands, presented as methods to activate popular software like Microsoft Office or Spotify, initiate a malware infection chain.
What sets this tactic apart is its use of verbal and visual guidance in the videos. The commands are never embedded in text or links, making them harder for traditional security systems to detect. Viewers are coaxed into typing the commands themselves, making them unwitting participants in the malware installation.
Trend Micro researchers traced the campaign to accounts including @gitallowed, @zane.houghton and @digitaldreams771.
These accounts, now inactive, published similar AI-voiced videos with minor variations in camera angles and payload URLs, suggesting automation was used in their creation.
One video in particular gained nearly 500,000 views and over 20,000 likes. Its popularity indicates significant user interaction, increasing the risk that many followed the instructions and infected their systems.
The malware chain begins by using PowerShell to download a script from allaivo[.]me, which then fetches and installs Vidar or StealC.
The malicious PowerShell script:
- Hides files in user directories and adds them to Windows Defender’s exclusion list
- Downloads malware from amssh[.]co
- Uses retry logic to ensure execution
- Sets up system persistence
- Cleans up forensic evidence to avoid detection
Vidar further masks its command-and-control (C2) infrastructure by storing its C2 address data on legitimate services such as Steam and Telegram, rather than hard-coding it.
A Call for Smarter Defenses
According to Trend Micro, the campaign highlights the urgent need for updated defense strategies that go beyond traditional threat detection.
Organizations should actively monitor social media platforms for high-engagement posts that contain technical instructions, as these may be linked to malicious activity.
Implementing behavioral detection tools is also essential to flag unusual user actions, such as unexpected command-line executions.
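As an added example (not Trend Micro's tooling and not taken from the advisory), the following Python triages PowerShell script-block logging records against the behaviour cluster listed above: a download cradle, a Defender exclusion, hidden files, retry logic, persistence and log cleanup. The records, variable names and URL are constructed samples; a lone download cradle is routine in admin scripts, so it alerts only when several behaviours appear together.

```python
"""Triage PowerShell script-block logging (Event ID 4104) records against the
behaviour cluster the advisory attributes to the campaign's script. Added,
self-contained example; the records below are constructed samples."""
import re
from typing import Dict, List

# One regex per reported behaviour; matched case-insensitively across lines.
INDICATORS: Dict[str, str] = {
    "download_cradle": r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b",
    "defender_exclusion": r"add-mppreference\s+-exclusion(path|process|extension)",
    "hidden_files": r"attrib\s+\+h|fileattributes\]::hidden",
    "retry_loop": r"\b(while|do|for)\b.*?\bstart-sleep\b",
    "persistence": r"register-scheduledtask|\bschtasks\b|currentversion\\run",
    "evidence_cleanup": r"clear-eventlog|wevtutil\s+cl\b|remove-item[^;]*(consolehost_history|\.log)",
}

def match_indicators(script_block: str) -> List[str]:
    """Return the names of every behaviour pattern found in one script block."""
    return [name for name, pat in INDICATORS.items()
            if re.search(pat, script_block, re.IGNORECASE | re.DOTALL)]

def triage(events: List[Dict[str, object]], threshold: int = 3) -> List[Dict[str, object]]:
    """Flag 4104 records whose script block shows at least `threshold` behaviours.
    The combination, not any single command, is what distinguishes the chain."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4104:  # only script-block text is scored
            continue
        found = match_indicators(str(ev["ScriptBlockText"]))
        if len(found) >= threshold:
            hits.append({"RecordId": ev["RecordId"], "Indicators": found})
    return hits

# Constructed sample records (not real telemetry); the URL uses the .invalid TLD.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 4104, "ScriptBlockText":
        "Invoke-WebRequest -Uri https://updates.example.invalid/tool.zip "
        "-OutFile $env:TEMP\\tool.zip; Expand-Archive $env:TEMP\\tool.zip"},
    {"RecordId": 2, "EventID": 4104, "ScriptBlockText":
        "attrib +h $d; Add-MpPreference -ExclusionPath $d; "
        "while ($n -lt 3) { try { iwr $u -OutFile $p; break } catch { Start-Sleep 5; $n++ } }; "
        "Register-ScheduledTask -TaskName svc -Action $a -Trigger $t; "
        "Clear-EventLog -LogName 'Windows PowerShell'"},
    {"RecordId": 3, "EventID": 4103, "ScriptBlockText": "Get-Process"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"record {hit['RecordId']}: {', '.join(hit['Indicators'])}")
```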
Additionally, user education must evolve to include guidance on recognizing and reporting deceptive video content, especially content that applies social engineering through visual and auditory cues rather than text.
Image credit: BongkarnGraphic / Shutterstock.com