Scammers tricked TikTok users into downloading malware with AI videos

No, TikTok users aren't giving you a cheat code for free Spotify or Microsoft Office
By Christianna Silva
The TikTok logo with a person holding a phone in their hand is seen in Knurow, Poland, on April 20, 2025.
Credit: Photo Illustration by Klaudia Radecka/NurPhoto via Getty Images

Wake up, babe — a new form of social engineering just dropped.

Cybercriminals on TikTok used videos to trick users into downloading malware, according to researchers from Trend Micro, a global cybersecurity firm. The researchers say this was a "novel social engineering campaign" designed to take advantage of TikTok users.

In the videos, which are most likely AI-generated, users were promised free versions of Windows and Microsoft Office software or access to premium features in apps like CapCut and Spotify. All they had to do, the cybercriminals said, was execute a simple PowerShell command. People followed the instructions in the TikTok videos because the commands were disguised as software activation steps; the bad actors then used those commands to inject malware like Vidar and StealC into the users' systems. And according to Bleeping Computer, many of the videos had hundreds of thousands of views.


PowerShell commands are short lines of code that execute tasks on your device, and you should be extremely skeptical of any commands or software links you find on TikTok.

"In this campaign, attackers are using TikTok videos to verbally instruct users into executing malicious commands on their own systems," Trend Micro explained in a report on the attack. "The social engineering occurs within the video itself, rather than through detectable code or scripts. There is no malicious code present on the platform for security solutions to analyze or block. All actionable content is delivered visually and aurally. Threat actors do this to attempt to evade existing detection mechanisms, making it harder for defenders to detect and disrupt these campaigns."

TikTok declined to comment on this particular threat, but the company confirmed to Mashable that the accounts associated with the campaign have been deactivated. TikTok users can also learn more about scams and phishing attempts at the TikTok Safety Center.

UPDATE: May 23, 2025, 5:22 p.m. EDT We've updated this article to make it more clear that the videos used in this scam have been removed.
