What type of malware is being used in the TikTok scam?

The malware used in this scam is known as Aura Stealer, which steals sensitive user data like passwords, cookies, cryptocurrency wallets, and authentication tokens.

How are TikTok users being tricked into downloading the malware?

The scam uses a "ClickFix" attack, where TikTok videos show short PowerShell commands that claim to activate or fix popular software. When users run these commands, they are actually downloading the Aura Stealer malware.

What can users do to protect themselves from this TikTok scam?

Experts recommend that users never copy or run PowerShell commands from TikTok videos or random websites, and instead only download software directly from official sources. Keeping antivirus software up-to-date and using strong, unique passwords are also crucial steps to stay safe.

Home / Technology / TikTok Users Lured by Fake Activation Guides Delivering Malware

TikTok Users Lured by Fake Activation Guides Delivering Malware

16 Nov

•

Summary

Cybercriminals disguise malware as free software activation guides on TikTok
Malware known as Aura Stealer steals passwords, cookies, crypto wallets, and tokens
Scam uses ClickFix attack to trick users into running malicious PowerShell commands

TikTok Users Lured by Fake Activation Guides Delivering Malware

As of November 16th, 2025, cybercriminals have been actively targeting TikTok users with a new scam involving malicious software disguised as free activation guides. Security experts have confirmed that this campaign, first spotted earlier this year, is still ongoing.

The scammers are creating TikTok videos that show short PowerShell commands and instruct viewers to run them as administrators to "activate" or "fix" popular software like Windows, Microsoft 365, Photoshop, Netflix, and Spotify Premium. However, these commands are designed to connect to a malicious website and download a malware known as Aura Stealer.