A new report from ReversingLabs warns that short-form videos now spread password-stealing malware. Attackers use platforms like TikTok and Instagram Reels to target unsuspecting users. Moreover, the videos promise free access to premium software and subscriptions.
The fake offers include Spotify Premium, Microsoft Windows, Office, and Adobe products. Consequently, users may unknowingly follow harmful instructions that compromise their devices and personal information.
Malware Attack Begins With a Simple Command
Unlike traditional phishing emails, this scam requires users to run commands manually. The videos instruct victims to open PowerShell or another command-line tool. They then copy and execute a command displayed on the screen.
Once executed, the command downloads and installs malware onto the victimโs computer. Researchers identified the malware as Vidar, a well-known information stealer. It targets usernames, passwords, cookies, session tokens, cryptocurrency wallets, personal files, and other sensitive data.
ReversingLabs said the attack represents a shift from conventional email phishing campaigns. Instead of clicking malicious links, victims willingly install malware themselves. Therefore, attackers exploit curiosity and the desire for free software.
Experts Urge Users to Avoid Suspicious Offers
Researchers warned that social media has become an effective platform for social engineering attacks. The tactic directs users from popular platforms to malicious websites controlled by cybercriminals. As a result, attackers can steal valuable personal and financial information.
Users should avoid videos offering free or heavily discounted premium software. They should also download applications only from official vendors and trusted sources. Furthermore, experts recommend ignoring instructions from unknown social media accounts.
Using multi-factor authentication provides another layer of protection against stolen login credentials. Following basic cybersecurity practices can significantly reduce the risk of falling victim to these scams.
