Social Media Lures Mimic Tech Support
Cybercriminals are exploiting short-form video platforms like TikTok and Instagram Reels to distribute malware. They create polished, professional-looking videos that promise free access to popular premium software. These clips, which can amass thousands of views and likes, blend seamlessly into the normal flow of tech tip content on the platforms. According to researchers at ReversingLabs, the attackers rely on the false credibility established by high engagement metrics and convincing production values to lower the guard of potential victims.
Two Campaigns, Same Malicious Goal
Analysts identified two distinct campaign methods, both designed to funnel users to third-party websites hosting disguised malicious downloads. The first campaign uses accounts with usernames like “windows.tips” paired with a profile image mimicking the official Windows social media icon. These accounts post AI-narrated tutorials that instruct users to execute specific PowerShell commands. The second campaign employs a direct approach, embedding shortened links in video descriptions that redirect users to download sites. Both methods ultimately deliver the Vidar infostealer, a credential-theft tool that is offered as a service for around $300 for a lifetime license.
Evasive Malware and Platform Risks
The Vidar infostealer received an update in October 2025 that made it more evasive and harder for security tools to detect. It is designed to steal login credentials, financial data, and session tokens from infected devices. The combination of widespread social media reach and accessible, sophisticated malware creates a significant threat environment that affects both individual users and organizations. ReversingLabs highlighted that the attackers are gaming platform recommendation algorithms to achieve massive organic reach, making this a particularly dangerous vector for initial compromise.
Source: Cyber Security News
