- TikTok videos trick users into running malicious commands disguised as software activators
- Aura Stealer malware steals passwords, cookies and crypto wallet data from infected systems
- Avoid suspicious links, use official software, and keep security tools fully updated
The dreaded ClickFix malware attacks are now targeting TikTok users, tricking them into installing info stealers and losing sensitive files, access to accounts and possibly even money.
Security researchers, including Trend Micro, Xavier Mertens and others, have all reported seeing several TikTok videos with instructions on how to “activate” popular software such as Windows, Microsoft 365, Adobe Premiere and others. In some cases, the videos instruct viewers to activate product packages that don’t even exist, such as on Netflix or Spotify.
The “activation” is the usual ClickFix trick – users are prompted to copy and paste a command into Windows Run, which is actually a malicious PowerShell command that deploys and runs Aura Stealer.
How to stay safe
Aura Stealer is an infostealer malware that grabs passwords stored in browsers, authentication cookies, cryptocurrency wallet data, and credentials from other applications. Xavier Mertens also added the ClickFix code also downloads an additional piece of malware, the purpose of which is currently unclear.
As a scam technique, ClickFix has been around for decades. It works by tricking people into thinking they have a problem with their computer and then offering a quick and easy fix.
It started with browser pop-ups back in the early 2000s, where the scam revolved around fake virus notifications. In recent times, ClickFix has evolved and now cheats people with fake “locked” documents, exclusive offers, software activators and the like.
To be safe, be wary of random links or buttons in emails or websites, especially those asking you for urgent fixes or updates. Always visit official websites and use legitimate software. Also, make sure your browser, operating system and security software are up to date and use a reliable ad blocker (if possible).
Finally, be careful when giving permissions to websites or apps – If something feels suspicious or too convenient, close the page and verify it first.
Via Bleeping Computer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
