Technology
TikTok malware scam tricks you with fake activation guides
NEWYou can now listen to Fox News articles!
Cybercriminals are again turning TikTok into a trap for unsuspecting users. This time, they’re disguising malicious downloads as free activation guides for popular software like Windows, Microsoft 365, Photoshop and even fake versions of Netflix and Spotify Premium.
Security expert Xavier Mertens first spotted the campaign, confirming that the same kind of scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos show short PowerShell commands and instruct viewers to run them as administrators to “activate” or “fix” their programs.
In reality, those commands connect to a malicious website and pull in malware known as Aura Stealer, which quietly siphons saved passwords, cookies, cryptocurrency wallets and authentication tokens from the victim’s computer.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
3,000+ YOUTUBE VIDEOS DELIVER MALWARE DISGUISED AS FREE SOFTWARE
Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as free activation guides. (Kurt “CyberGuy” Knutsson)
How the TikTok scam works
This campaign uses what experts call a ClickFix attack. It’s a social engineering trick that makes victims feel they’re following legitimate tech instructions. The instructions seem quick and simple: run one short command and get instant access to premium software.
But instead of activating anything, the PowerShell command connects to a remote domain named slmgr[.]win, which downloads harmful executables from Cloudflare-hosted pages. The main file, updater.exe, is a variant of the Aura Stealer malware. Once inside the system, it hunts for your credentials and sends them back to the attacker.
Another file, source.exe, uses Microsoft’s C# compiler to launch code directly in memory, making it even harder to detect. The purpose of this extra payload isn’t fully known yet, but the pattern follows previous malware used for crypto theft and ransomware delivery.
META ACCOUNT SUSPENSION SCAM HIDES FILEFIX MALWARE
Those short “activation” commands secretly connect to malicious servers that install info-stealing malware like Aura Stealer. (Kurt “CyberGuy” Knutsson)
How to stay safe from TikTok malware scams
Even though these scams look convincing, you can avoid becoming a victim with the right precautions.
1) Avoid shortcuts
Never copy or run PowerShell commands from TikTok videos or random websites. If something promises free access to premium software, it’s likely a trap.
2) Use trusted sources
Always download or activate software directly from the official website or through legitimate app stores.
3) Keep security tools updated
Outdated antivirus or browsers can’t detect the latest threats. Update your software regularly to stay protected.
4) Use strong antivirus software
Install strong antivirus software that offers real-time scanning and protection against trojans, info-stealers and phishing attempts.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
5) Sign up for a data removal service
If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help remove sensitive information.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
6) Reset credentials
If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately.
7) Reset passwords
If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately. Start with your email, financial and social media accounts. Use unique passwords for each site. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com
8) Enable multi-factor authentication
Add an extra layer of security by turning on multi-factor authentication wherever possible. Even if your passwords are stolen, attackers won’t be able to log in without your verification.
If you’ve followed suspicious steps, change your passwords, enable two-factor authentication and stay alert for future scams. (Getty Images)
Kurt’s key takeaways
TikTok’s global reach makes it a prime target for scams like this. What looks like a helpful hack could end up costing your security, your money and your peace of mind. Stay alert, trust only verified sources and remember that there’s no such thing as a free activation shortcut.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Is TikTok doing enough to protect its users from scams like this? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
The Instructure-owned learning management platform, Canvas, is down after recently confirming a massive data breach that impacted student names, email addresses, ID numbers, and messages. Students attempting to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack:
ShinyHunters has breached Instructure (again). Instead of contacting us to resolve it they ignored us and did some “security patches.” If any of the schools in the affected list are interested in preventing the release of their data, please consult with a cyber advisory firm and contact us privately at TOX to negotiate a settlement. You have till the end of the day by 12 May 2026 before everything is leaked.
The message included a link to a list of schools ShinyHunter claims to have breached through Canvas.
“Instructure has placed Canvas, Canvas Beta and Canvas Test in maintenance mode,” according to Infrastructure’s status page. “We anticipate being up soon, and will provide updates as soon as possible.”
Instructure said last week that it “deployed patches to enhance system security” following the breach. ShinyHunters — which has claimed responsibility for attacks on Ticketmaster, AT&T, Rockstar Games, ADT, and Vercel — said its data leak site contains 9,000 schools, including data belonging to 275 million students, teachers, and other staff, according to Bleeping Computer.
Update, May 7th: Added Infrastructure’s maintenance mode message.
NEWYou can now listen to Fox News articles!
A high-tech humanoid robot was officially “ordained” as a Buddhist monk during a ceremony at Seoul’s Jogyesa Temple on Wednesday.
The robot, a $13,500 Unitree G1 model standing just over four feet tall, was given the name “Gabi.” Dressed in traditional brown robes, plain shoes and gloves designed to mimic human hands, the machine stood before a panel of Buddhist monks to commit itself to the faith.
During the ceremony, hosted by the Jogye Order of Korean Buddhism, the robot was asked by a monk if it would devote itself to the “holy Buddha.”
“Yes, I will devote myself,” Gabi responded to the crowd’s cheers.
AI HUMANOID ROBOT LEARNS TO MIMIC HUMAN EMOTIONS AND BEHAVIOR
More than 200 humanoid robots perform during Agibot Night, a live televised gala in Shanghai ahead of Lunar New Year. (Tang Yanjun/China News Service)
The ceremony highlights a growing effort among religious institutions to engage younger, tech-driven audiences, raising broader questions about whether artificial intelligence can play a meaningful role in spiritual life or if such moves risk trivializing long-standing traditions.
While humans typically pledge to abstain from killing, stealing and intoxicating substances, Gabi’s vows were “reprogrammed” for the digital age. The robot pledged to respect and follow humans, refrain from damaging property or other robots, abstain from deceptive behavior and save energy by not overcharging.
The Jogye Order, South Korea’s largest Buddhist sect, framed the move as an effort to make ancient traditions more relevant to a younger, tech-obsessed generation.
HUMANOID ROBOT TURNS HEADS AT NYC SNEAKER STORE
A humanoid robot, front, and Buddhist monks put hands together for a photo after an ordination ceremony ahead of upcoming Buddha’s birthday on May 24 at Jogye temple in Seoul, South Korea, Wednesday, May 6, 2026. (Lee Jin-man/AP)
“The ordination of a robot signifies that technology must be used in accordance with the values of compassion, wisdom, and responsibility,” the order said in a statement shared with The New York Times. Officials added that the move symbolizes “new possibilities for the coexistence of humans and technology.”
Hong Min-suk, a manager at the order, told the publication that robots are “destined to collaborate with humans in every field,” suggesting it is only “natural” for them to participate in religious festivals.
The Jogye Order did not immediately respond to Fox News Digital’s request for comment.
Despite the temple’s optimistic outlook, the move has drawn criticism online. A video of Gabi’s pledge quickly surpassed one million views, with some users on X questioning whether a machine can meaningfully participate in religious practice.
Buddhist monks arrive at Washington National Cathedral in Washington, D.C., on Feb. 10, 2026, before participating in an interfaith ceremony during the final days of their 2,300-mile “Walk for Peace.” (Drew Angerer/AFP via Getty Images)
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
“As a Buddhist, I find this ridiculous and insulting,” one user wrote.
Gabi is expected to make its next public appearance at Seoul’s upcoming Lantern Festival on May 16-17, honoring the Buddha’s birthday.
Sam Altman and Elon Musk are facing off in a high-stakes trial that could alter the future of OpenAI and its most well-known product, ChatGPT. In 2024, Musk filed a lawsuit accusing OpenAI of abandoning its founding mission of developing AI to benefit humanity and shifting focus to boosting profits instead.
Elon Musk, his financial manager and Neuralink CEO, Jared Birchall, and OpenAI cofounder Greg Brockman have already testified before the jury. Now, on Wednesday, May 6th, Shivon Zilis, a former OpenAI board member who shares four children with Musk, is taking the stand, and the courtroom is seeing testimony from former OpenAI exec Mira Murati via video.
Microsoft CEO Satya Nadella is scheduled to appear on Monday, with OpenAI cofounder and former chief scientist Ilya Sutskever lined up to testify after that.
Musk was a cofounder of OpenAI and claims that Altman and Brockman tricked him into giving the company money, only to turn their backs on their original goal. However, OpenAI says that “This lawsuit has always been a baseless and jealous bid to derail a competitor” in a bid to boost Musk’s own SpaceX / xAI / X companies that have launched Grok as a competitor to ChatGPT.
Elon Musk — plaintiff, OpenAI cofounder and now CEO of rival xAI
Steven Molo — lead counsel for plaintiff
Jared Birchall — manager of Musk’s family office
Shivon Zilis — former OpenAI board member who shares multiple children with Musk
Sam Altman — defendant, CEO of OpenAI
William Savitt — lead counsel for defendant
Greg Brockman — president of OpenAI as well as a cofounder
Ilya Sutskever — former chief scientist at OpenAI and a cofounder
Yvonne Gonzalez Rogers — aka YGR, trial judge
Here’s all the latest on the trial between Musk and Altman:
-
New York1 hour agoNew York’s Budget Deal Is Still Hazy. Here Are 5 Key Questions.
-
Detroit, MI2 hours agoApproval poll: Do you approve of Lions GM Brad Holmes? (post-2026 draft)
-
San Francisco, CA2 hours agoWhere to watch Pittsburgh Pirates vs San Francisco Giants: TV channel, start time, streaming for May 8
-
Dallas, TX2 hours agoDallas Weather: Thunderstorms in the forecast for Friday & Mother’s Day
-
Boston, MA2 hours ago
Where to watch Tampa Bay Rays vs Boston Red Sox: TV channel, start time, streaming for May 8
-
Denver, CO2 hours ago11 Denver Restaurants For Anyone Missing Their Southern Roots – Tasting Table
-
Seattle, WA3 hours agoOffseason Checklist: Seattle Kraken
-
San Diego, CA3 hours agoSan Diego Padres celebrate Puerto Rican heritage with local artist