TikTok just became a playground for password thieves. Cybercriminals are posting videos that promise free software activation but actually install malware that steals everything on your computer.

Security researchers at Trend Micro discovered dozens of TikTok videos offering “free activation” for Windows, Microsoft 365, Adobe Premiere, and even services that don’t have paid versions like Netflix and Spotify. The videos look helpful. They’re not.

Here’s how the scam works and what you need to know to protect yourself.

The ClickFix Trick Goes Viral

These TikTok videos walk viewers through a seemingly simple activation process. Copy this command. Paste it into Windows Run. Press Enter. Done.

Except that command isn’t an activator. It’s a malicious PowerShell script that downloads Aura Stealer malware onto your system.

Aura Stealer is particularly nasty. Once installed, it grabs passwords stored in your browsers, authentication cookies, cryptocurrency wallet data, and credentials from other applications. Basically, it takes everything you’ve ever saved on your computer.

Plus, researcher Xavier Mertens found the code downloads a second piece of malware. Its purpose remains unclear, but nothing good comes from mystery malware.

Why ClickFix Works So Well

TikTok videos install Aura Stealer malware through PowerShell commands

ClickFix scams have existed for decades. They work because they exploit trust and urgency.

Back in the early 2000s, these scams appeared as browser pop-ups warning about fake viruses. Now they’ve evolved into fake locked documents, exclusive offers, and software activators. The delivery method changes. The psychology stays the same.

People want free stuff. They trust video tutorials. And when something looks easy, they don’t question it. So they copy, paste, and accidentally install malware.

TikTok makes this worse. The platform’s algorithm pushes engaging content regardless of legitimacy. A well-made scam video can reach millions of users before TikTok takes it down. By then, the damage is done.

Five Ways to Protect Yourself

First, ignore any video offering free activation for paid software. Legitimate companies don’t distribute activation keys through TikTok videos. If you need software, buy it from the official website or use verified alternatives.

Second, never copy and paste commands from random sources into Windows Run or PowerShell. Even if the video looks professional. Even if friends shared it. Just don’t do it.

Third, keep everything updated. Your browser, operating system, and security software need regular updates. These patches fix vulnerabilities that malware exploits. Set your software to update automatically if possible.

Fourth, use reliable ad blockers and antivirus tools. They won’t catch everything, but they’ll stop many common threats. Plus, modern ad blockers prevent the annoying pop-ups that often lead to scam sites.

Finally, trust your instincts. If something feels too convenient or suspicious, it probably is. Close the page. Verify through official channels. Take five minutes to research before you act.

Legitimate software requires purchase from official websites not TikTok

The Real Cost of Free Software

Sure, legitimate software costs money. Adobe Creative Cloud runs hundreds of dollars yearly. Microsoft 365 isn’t cheap either. That makes free activation tempting.

But here’s what actually happens when you use these fake activators. You lose your passwords. Someone drains your crypto wallet. Your email gets compromised. Your identity gets stolen. Suddenly that $100 software license looks like a bargain.

Moreover, many affordable alternatives exist. DaVinci Resolve offers professional video editing for free. LibreOffice replaces Microsoft Office at no cost. GIMP handles most Photoshop tasks without a subscription. You don’t need pirated software to get work done.

TikTok Isn’t Going to Save You

TikTok eventually removes these scam videos. But not fast enough. The platform prioritizes engagement over security. A video needs significant reports before moderation kicks in. By then, thousands of people already watched it.

So don’t wait for TikTok to protect you. Assume every “free activation” video is a scam. Assume every command prompt instruction is malicious. Verify everything through official sources before trying it.

Your data is worth more than any software license. Protect it like someone’s trying to steal it. Because they are.

Stay skeptical. Use official software sources. Keep your security tools updated. And remember: if it sounds too good to be true, it’s probably installing malware on your computer.