Fake Software Tutorials on TikTok Spread Vidar Stealer
Essential information
- Published
- 10/06/2026 16:22
- Modified
- 11/06/2026 07:36
- Tags
- 2026-06-10 fake tutorials infostealer instagram reels powershell social engineering social media tiktok vidar
- Related entities
- 20 techniques (mitre), 1 malware, 2 others
Description
Threat actors are leveraging TikTok and Instagram Reels to distribute the Vidar infostealer through fake software tutorials. Two distinct campaigns use short-form videos disguised as tutorials for unlocking premium software like Spotify. The first campaign uses accounts mimicking official Windows profiles with AI-voiced clips instructing users to run PowerShell commands that download Vidar from lookalike domains. One video achieved over 100,000 views. The second campaign uses ordinary accounts posting music-backed clips that bait users in comments to receive malicious links via direct message. These campaigns exploit platform recommendation algorithms by encouraging saves and shares. Vidar is sold as a service for $300 lifetime license and harvests credentials, financial data and authentication tokens.