Cybercriminals Exploit AI-Driven TikTok Videos to Spread Infostealer Malware

A new malware campaign has emerged leveraging TikToks viral reach and AI-generated videos to distribute dangerous infostealer malware, specifically Vidar and StealC. Cybercriminals create short TikTok videos that simulate software activation tutorials for popular apps like Microsoft Office and Spotify. These videos instruct users to execute malicious PowerShell commands on their own devices, thus unknowingly installing malware that steals sensitive information such as credentials and personal data. TikToks powerful algorithm helps these videos reach hundreds of thousands of views, amplifying the threat exponentially. Unlike traditional campaigns involving fake CAPTCHA pages or malicious links, this attack relies heavily on social engineering through video content combined with AI-generated voices to appear legitimate. The threat actors deactivate associated TikTok accounts after spreading the malware, complicating detection. This novel tactic underscores the growing sophistication of cyber threats exploiting popular social platforms and AI technology. Users and organizations must increase awareness of such techniques, monitor unusual PowerShell activity, and strengthen behavioral detection to mitigate this evolving risk. The campaign highlights the urgent need to adapt security strategies to defend against AI-empowered social engineering vectors on emerging platforms.