Fake Spotify Premium Videos On TikTok And Instagram Are Spreading Password Stealing Malware

Cybercriminals are using TikTok and Instagram Reels to lure users with fake offers for free Spotify Premium, Microsoft Office, Windows and Adobe software, in a campaign designed to install malware and steal sensitive information.

A new warning from cybersecurity researchers at ReversingLabs says attackers are taking advantage of short form video platforms to reach users who may be tempted by free access to paid subscriptions. Rather than relying on traditional phishing emails, the scammers are using quick tutorial style videos that appear to show viewers how to unlock premium software.

The videos typically instruct users to open a command line tool such as PowerShell and paste in a command displayed on screen. Instead of activating free software, the command downloads and installs malware onto the victim’s computer.

Researchers identified Vidar as one of the malware strains being delivered through the campaign. Vidar is an information stealing malware that can collect usernames, passwords, browser cookies, session tokens, cryptocurrency wallet data, personal files and other sensitive information from infected devices.

The tactic is particularly concerning because it turns a familiar social media format into a cybercrime delivery method. Short videos are easy to produce, easy to share and can appear more trustworthy when they are presented as simple technology tips or software hacks.

The campaign also targets people who may be looking to save money on popular digital services. Offers promising free Spotify Premium, Adobe tools or Microsoft products can appeal to users who are already searching for cheaper alternatives, especially younger users and students.

Security experts warn that the biggest red flag is any video or website that asks users to run a command, install an unknown file or bypass official subscription systems. Legitimate software providers do not ask customers to unlock paid products by pasting commands into PowerShell.

The attack shows how social engineering continues to evolve. Cybercriminals are no longer limited to suspicious emails and fake login pages. They are increasingly meeting users where they already spend time, including TikTok, Instagram, YouTube Shorts and other video first platforms.

Users can reduce their risk by avoiding offers for free versions of paid software, downloading apps only from official stores or vendor websites, keeping antivirus protection enabled, using a password manager and turning on multi factor authentication for important accounts.

Anyone who has followed instructions from a suspicious video should disconnect from the internet, run a full security scan, change passwords from a separate clean device and review online accounts for signs of unauthorised access.

The message for users is simple. If a video promises free access to a paid subscription and asks you to run a command on your computer, it is not a clever shortcut. It is likely a trap.

Cyber threats are no longer limited to suspicious emails. They are appearing in the apps, platforms and everyday shortcuts people use without thinking. The best defence is knowledge.

If you want to better understand how cybercriminals operate, how to spot common threats and how to protect yourself, your workplace and your data, now is the time to build your cybersecurity skills.

Take the next step with The Hack Academy’s self paced online training programme and start strengthening your cybersecurity defences today.

Photo Credit: DepositPhotos.com