A new cybersecurity report from Reversing Labs has warned that short-form videos on platforms such as TikTok and Instagram Reels are being used to distribute password-stealing malware through deceptive “free access” offers.
The videos typically promise free subscriptions or cracked versions of popular services such as Spotify Premium, Microsoft Windows, Office, and Adobe software. These claims are designed to lure users into following step-by-step instructions that appear harmless at first glance.
How the Attack Works
Unlike traditional phishing scams that rely on emails or fake login pages, this new method pushes users to manually execute commands on their own devices.
In many cases, viewers are instructed to open system tools such as PowerShell and run a command shown in the video. Once executed, the command silently downloads and installs malware on the victim’s computer.
Security researchers identified the malware as Vidar, a well-known infostealer capable of extracting sensitive data, including:
- Usernames and passwords
- Browser cookies and session tokens
- Cryptocurrency wallet information
- Stored files and documents
- Other personal and system data
A Shift in Cybercrime Tactics
The report highlights a clear evolution in social engineering attacks. While email-based phishing remains widespread, attackers are increasingly shifting toward social media platforms where users are more likely to trust content and follow instructions without verification.
Unlike typical scams that require a simple click, this technique depends on users actively running commands, making the attack more intentional and harder to detect in real time.
Researchers noted that the strategy continues to succeed because it exploits users searching for free or discounted access to paid tools and subscriptions.
Social Media Becoming an Attack Vector
According to ReversingLabs, attackers are effectively using social platforms as a distribution channel to redirect users to malicious websites or scripts under their control.
The report emphasizes that social engineering remains one of the most effective methods for cybercriminals, largely because it targets human behavior rather than technical vulnerabilities.
How Users Can Stay Safe
Cybersecurity experts recommend users avoid any video or post offering free access to premium software or services, especially when it involves downloading files or running system commands.
To reduce risk, users should:
- Download software only from official websites or trusted vendors
- Avoid executing commands from unknown online sources
- Enable multi-factor authentication on all important accounts
- Be cautious of “too good to be true” offers on social media
As short-form video platforms continue to grow in influence, experts warn that users must remain increasingly vigilant, as cybercriminals are now adapting their tactics to match changing online behavior.
