[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fZ5qquBW2DnErDE5FNyfKi-O8R0AnevNzbjMePZxplHQ":3},{"article":4,"iocs":43},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"b4cf7261-f772-42aa-9202-3013a3865ec7","Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer","scammers-use-tiktok-and-instagram-reels-to-spread-vidar-infostealer-f76205","ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users.","Scammers are leveraging TikTok and Instagram Reels to distribute the Vidar infostealer malware by disguising malicious commands within tutorial videos. These videos promise free access to premium applications, tricking users into executing commands that download the malware. The campaign exploits social media algorithms that favor engagement, leading to widespread distribution.","Hackers use TikTok and Instagram Reels to spread Vidar infostealer via tutorial-style videos.","Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer. ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users. By Deeba Ahmed, June 10, 2026. Scammers are using a new method to trap social media users by hiding malicious files inside short videos. Threat intelligence firm ReversingLabs found that hackers are exploiting TikTok and Instagram Reels to distribute Vidar infostealer. These campaigns differ from standard phishing emails containing infected links because they manipulate social media platforms to make malicious content go viral. This trick relies on tutorial-style videos that promise free access to paid applications like Spotify Premium or Microsoft Word. 
Scammers have ensured the clips look professional, using clear graphics and automated voiceovers to establish authority.
Turning commands into traps
In one identified technique, scammers create accounts with usernames like windows.tips, using a blue and white crown logo that mimics the official Windows icon. The videos instruct viewers to open PowerShell on their Windows computers and type in a specific command: iex irm. This deceptive instruction tells the OS to quietly connect to a remote server to fetch and execute a malicious payload. For example, users are told to direct the tool to a domain called msget.run\u002Fspotify, and since the video appears safe, they run the code without checking what’s being downloaded.
Image caption: A TikTok video tricking users into following malicious commands and infecting their devices with malware (Source: ReversingLabs)
“Social media users executing this command may trust the video on face value, without verifying what is being downloaded,” ReversingLabs researcher Zaria Vuksan noted in the blog post shared with Hackread.com. The second strategy targets user curiosity through casual clips. Scammers post videos showing off premium app features over trending background music and encourage viewers to comment with words like ok to learn the secret. Once a user replies, the hacker sends a direct message directing them to fake download sites like d4ug.site, which claims to unlock premium games and AI tools but actually redirects victims to dead-end surveys or malicious links.
The viral delivery system
According to ReversingLabs’ analysis, these videos succeed by gaming platform algorithms. Recommendation systems heavily favour content that users save or share. Given that people prefer to save tutorials to check later, the system sends these clips to wider audiences, researchers explained, noting that one of the videos tracked during the investigation received 109,000 views, 1,699 saves, and 974 shares. 
Upon following the instructions, a file named build.exe, which contains Vidar Infostealer, drops onto the user’s computer. Vidar is a widely used information-stealer sold on underground marketplaces under a malware-as-a-service (MaaS) model. Cybercriminals can buy a lifetime license for 300 dollars to steal all kinds of data, including passwords, banking data, and browser cookies. Vidar infostealer was updated recently to make it much more stable and better at evading automated security filters. Defending against these campaigns is difficult because hackers can delete warning comments left by past victims. ReversingLabs reported the scam accounts to Instagram, but the platform rejected the alerts. Researchers are now urging users to avoid entering untrusted commands into terminal utilities, and businesses must train staff to spot scams hiding on consumer social feeds. Being prepared is the ultimate defence in this case. “There are likely many more variations of videos with the same intentions. People are looking for scams in their email inboxes and text messages, but not as much on their social media feeds. Especially when these posts are under the guise of being helpful, rather than the urgency or sob stories associated with stereotypical phishing attempts. These videos can pop up at any time, so it is important that organizations stay prepared,” researchers concluded. Deeba Ahmed: Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. 
","https:\u002F\u002Fhackread.com\u002Fscammers-tiktok-instagram-reels-vidar-infostealer\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002Fscammers-tiktok-instagram-reels-vidar-infostealer.jpg","2026-06-10T17:24:16+00:00","2026-06-10T18:00:15.764214+00:00",8,[18,21,23,25,27],{"name":19,"type":20},"TikTok","product",{"name":22,"type":20},"Instagram Reels",{"name":24,"type":20},"Spotify Premium",{"name":26,"type":20},"Microsoft Word",{"name":28,"type":29},"PowerShell","technology","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":30,"icon":32,"name":33,"slug":34},null,"Malware","malware",[36,38],{"category":37},{"id":30,"icon":32,"name":33,"slug":34},{"category":39},{"id":40,"icon":32,"name":41,"slug":42},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[44,48,51],{"type":45,"value":46,"context":47},"domain","msget.run","Domain used in PowerShell command to fetch malicious payload.",{"type":45,"value":49,"context":50},"d4ug.site","Fake download site used to redirect victims to surveys or malicious links.",{"type":34,"value":52,"context":53},"Vidar Infostealer","Information-stealer malware distributed through the campaign."]