A new scam has emerged on TikTok, where hackers are using short promotional videos to trick users into installing malware on their computers. These videos, which have gained millions of views, promise to provide free access to premium services like Spotify and Windows 365. However, instead of unlocking these services, the videos instruct users to enter a command into the PowerShell tool, which downloads and installs malware designed to steal sensitive information, including personal documents, cryptocurrency, and social media login credentials, from infected PCs. The scam is targeting users of Windows and TikTok.

Expert Insights on the TikTok Scam

A cybersecurity researcher at Trend Micro discovered the attack and noted that traditional security tools may not detect this malware since it is not delivered through typical methods like email attachments or software exploits. Instead, users are unwittingly installing the malware themselves by following the instructions in the videos. As stated in a report, “There is no malicious code present on the platform for security solutions to analyse or block. All actionable content is delivered visually and aurally.”

Junestherry Dela Cruz, a researcher at Trend Micro, believes that AI is facilitating the scam, as the promotional videos all feature similar synthetic voices and nearly identical shots and camera angles. TikTok has removed the accounts identified as dangerous but declined to provide further details.

“My hard drive was wiped after running the code,” and “All my accounts were hacked because of these videos.”

• Published On May 27, 2025 at 09:24 AM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get the latest insights and analysis.

Download ETCISO App

• Get Realtime updates
• Save your favourite articles

Scan to download App