Spotify, Adobe and Microsoft: Hackers are using TikTok videos offering 'free Spotify Premium' to spread malware and steal passwords

TikTok and Instagram Reels Exploited to Spread Password-Stealing Malware

A recent report from ReversingLabs reveals a surge in malicious campaigns on short-form video platforms like TikTok and Instagram Reels, targeting users with fake offers for free subscriptions to services such as Spotify Premium, Microsoft Office, and Adobe. The scams lure cash-strapped users by promising cost-saving alternatives amid economic pressures.

Instead of traditional phishing emails, attackers instruct victims to open command-line tools like PowerShell and execute a provided command. This action downloads and installs Vidar, an infostealer malware that harvests usernames, passwords, cookies, session tokens, cryptocurrency wallet data, and personal files.

Unlike conventional phishing, which relies on a single click, this method requires victims to manually input commands, making it a more patient and targeted approach. Researchers note that the shift to social media platforms allows threat actors to drive traffic to attacker-controlled websites, increasing the reach of their campaigns.

The attack underscores the persistent effectiveness of social engineering, particularly as users seek free or discounted alternatives to paid services. While basic security measures like multi-factor authentication can mitigate risks, the evolving tactics highlight the need for vigilance against seemingly legitimate offers.

Source: https://www.techradar.com/pro/security/hackers-are-using-tiktok-videos-offering-free-spotify-premium-to-spread-malware-and-steal-passwords

Spotify TPRM report: https://www.rankiteo.com/company/spotify

Adobe TPRM report: https://www.rankiteo.com/company/adobe

Microsoft TPRM report: https://www.rankiteo.com/company/microsoft-security

"id": "spomicado1781202325",
"linkid": "spotify, microsoft-security, adobe",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Social Media',
                        'name': 'TikTok Users',
                        'type': 'Individuals'},
                       {'industry': 'Social Media',
                        'name': 'Instagram Reels Users',
                        'type': 'Individuals'}],
 'attack_vector': 'Social Engineering (Fake Offers on Social Media)',
 'customer_advisories': 'Users should be cautious of fake offers on social '
                        'media platforms and avoid executing commands from '
                        'untrusted sources.',
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Credentials, Session Tokens, '
                                             'Cryptocurrency Wallet Data, '
                                             'Personal Files'},
 'description': 'A recent report from ReversingLabs reveals a surge in '
                'malicious campaigns on short-form video platforms like TikTok '
                'and Instagram Reels, targeting users with fake offers for '
                'free subscriptions to services such as Spotify Premium, '
                'Microsoft Office, and Adobe. The scams lure cash-strapped '
                'users by promising cost-saving alternatives amid economic '
                'pressures. Attackers instruct victims to open command-line '
                'tools like PowerShell and execute a provided command, which '
                'downloads and installs Vidar, an infostealer malware that '
                'harvests usernames, passwords, cookies, session tokens, '
                'cryptocurrency wallet data, and personal files.',
 'impact': {'data_compromised': 'Usernames, passwords, cookies, session '
                                'tokens, cryptocurrency wallet data, personal '
                                'files',
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High (if cryptocurrency wallets are '
                                        'compromised)',
            'systems_affected': 'User devices (via malware installation)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Likely (Vidar infostealer '
                                                    'is known to exfiltrate '
                                                    'data for sale)',
                           'entry_point': 'Social Media (TikTok, Instagram '
                                          'Reels)'},
 'lessons_learned': 'The incident highlights the persistent effectiveness of '
                    'social engineering, particularly on social media '
                    'platforms, and the need for vigilance against seemingly '
                    'legitimate offers. Multi-factor authentication can '
                    'mitigate risks, but evolving tactics require heightened '
                    'user awareness.',
 'motivation': 'Financial Gain (Data Theft for Sale or Exploitation)',
 'post_incident_analysis': {'corrective_actions': 'Enhanced user education on '
                                                  'social engineering risks, '
                                                  'platform-level detection of '
                                                  'malicious campaigns, and '
                                                  'promotion of multi-factor '
                                                  'authentication.',
                            'root_causes': 'Social engineering tactics '
                                           'exploiting economic pressures and '
                                           'user desire for free services. '
                                           'Lack of user awareness about '
                                           'executing commands from untrusted '
                                           'sources.'},
 'recommendations': ['Enable multi-factor authentication for all accounts.',
                     'Avoid executing commands from untrusted sources, '
                     'especially via command-line tools.',
                     'Exercise caution with offers that seem too good to be '
                     'true, particularly on social media platforms.',
                     'Monitor for unusual activity in cryptocurrency wallets '
                     'and personal accounts.'],
 'references': [{'source': 'ReversingLabs'}],
 'response': {'third_party_assistance': 'ReversingLabs (Research and '
                                        'Reporting)'},
 'title': 'TikTok and Instagram Reels Exploited to Spread Password-Stealing '
          'Malware',
 'type': 'Malware Distribution'}