- TikTok videos trick users into running malicious commands disguised as software activators
- Aura Stealer malware steals passwords, cookies, and crypto wallet data from infected systems
- Avoid suspicious links, use official software, and keep security tools fully updated
The dreaded ClickFix malware attacks are now targeting TikTok users, tricking them into installing infostealers and losing sensitive files, access to accounts, and possibly even money.
Security researchers, including Trend Micro, Xavier Mertens and others have all reported seeing multiple TikTok videos offering instructions on how to “activate” popular software such as Windows, Microsoft 365, Adobe Premiere, and others. In some cases, the videos are instructing viewers on activating product packs that don’t even exist, such as on Netflix or Spotify.
The “activation” is the usual ClickFix trick – users are instructed to copy and paste a command in Windows Run which, in reality, is a malicious PowerShell command that deploys and runs Aura Stealer.
How to stay safe
Aura Stealer is an infostealer malware that grabs passwords stored in browsers, authentication cookies, cryptocurrency wallet data, and credentials from other applications. Xavier Mertens also added the ClickFix code also downloads an additional piece of malware, whose purpose is currently not clear.
As a scam technique, ClickFix has been around for decades. It works by tricking people into thinking they have a problem with their computer and then offering a quick and easy solution.
It started with browser pop-ups, back in the early 2000’s, when the scam revolved around fake virus notifications. In more recent times, ClickFix evolved, and now tricks people with fake “locked” documents, exclusive offers, software activators, and similar.
To stay safe, be skeptical of random links or buttons in emails or websites, especially those who ask you for urgent fixes or updates. Always visit official websites and use legitimate software. Furthermore, make sure your browser, operating system, and security software is up to date, and use a reliable ad blocker (if possible).
Finally, be cautious when giving permissions to websites or apps – If something feels suspicious or too convenient, close the page and verify it first.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- Devious new ClickFix malware variant targets macOS, Android, and iOS using browser-based redirections
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
