TikTok videos used to hide dangerous malware attacks - here's how to stay safe

News
By published

ClickFix has made its way to TikTok

A phone showing the TikTok logo
(Image credit: Shutterstock / Daniel Constante)
  • TikTok videos trick users into running malicious commands disguised as software activators
  • Aura Stealer malware steals passwords, cookies, and crypto wallet data from infected systems
  • Avoid suspicious links, use official software, and keep security tools fully updated

The dreaded ClickFix malware attacks are now targeting TikTok users, tricking them into installing infostealers and losing sensitive files, access to accounts, and possibly even money.

Security researchers, including Trend Micro, Xavier Mertens and others have all reported seeing multiple TikTok videos offering instructions on how to “activate” popular software such as Windows, Microsoft 365, Adobe Premiere, and others. In some cases, the videos are instructing viewers on activating product packs that don’t even exist, such as on Netflix or Spotify.

The “activation” is the usual ClickFix trick - users are instructed to copy and paste a command in Windows Run which, in reality, is a malicious PowerShell command that deploys and runs Aura Stealer.

How to stay safe

Aura Stealer is an infostealer malware that grabs passwords stored in browsers, authentication cookies, cryptocurrency wallet data, and credentials from other applications. Xavier Mertens also added the ClickFix code also downloads an additional piece of malware, whose purpose is currently not clear.

As a scam technique, ClickFix has been around for decades. It works by tricking people into thinking they have a problem with their computer and then offering a quick and easy solution.

It started with browser pop-ups, back in the early 2000’s, when the scam revolved around fake virus notifications. In more recent times, ClickFix evolved, and now tricks people with fake “locked” documents, exclusive offers, software activators, and similar.

To stay safe, be skeptical of random links or buttons in emails or websites, especially those who ask you for urgent fixes or updates. Always visit official websites and use legitimate software. Furthermore, make sure your browser, operating system, and security software is up to date, and use a reliable ad blocker (if possible).

Finally, be cautious when giving permissions to websites or apps - If something feels suspicious or too convenient, close the page and verify it first.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.