
Hackers Use Free Spotify Premium Hacks on TikTok and Instagram to Spread Vidar Infostealer

Source: Cybersecurity News. Archived Jun 12, 2026.

By Tushar Subhra Dutta, June 12, 2026

Hackers are now turning popular social media platforms into malware delivery channels, using the promise of free software to trap unsuspecting users. Short-form video platforms like TikTok and Instagram Reels have become the latest tools in a cybercriminal’s playbook, with attackers posting polished tutorial videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office. Instead of the freebies they are after, viewers end up with a dangerous infostealer quietly running on their Windows devices.

The shift marks a clear evolution in how attackers choose to reach their targets. Cybercriminals have moved far beyond traditional phishing emails. Today, they are crafting content that looks and feels like everyday social media, blending in seamlessly with legitimate tech tips and tutorials. The videos are so well-produced that many viewers do not suspect anything is wrong until the damage is already done. This approach lets attackers reach millions of people through the very platforms those people trust most.

Researchers at ReversingLabs uncovered two active campaigns using these short videos to trick users into running dangerous PowerShell commands or visiting malicious download sites. Analysts at Malwarebytes said in a report shared with Cyber Security News (CSN) that similar campaigns have been flagged by other researchers and national cybersecurity agencies, pointing to a growing trend. Cybercriminals are learning to exploit social media algorithms just as effectively as professional marketers, amplifying the reach of these attacks at almost no cost.

The malware at the center of these campaigns is Vidar, a well-known infostealer built to quietly siphon sensitive data from infected devices. Once it lands on a machine, Vidar goes to work collecting saved browser passwords, autofill data, browser cookies, cryptocurrency wallet details, two-factor authentication data, and even TOR browser data. Everything harvested is then sent back to servers controlled by the attackers, giving them a detailed key to the victim’s entire digital life.

Hackers Use Free Spotify Premium Hacks

The first campaign is deceptively polished. Accounts using names like “windows.tips” or “windows.insights” post videos designed to look like genuine tech support content, complete with Windows-style branding and professional editing. The videos are tagged with Windows and Office-related keywords so they appear right alongside legitimate troubleshooting videos in search results and recommendation feeds. Viewers are walked through step-by-step instructions that include opening PowerShell, a legitimate Windows administrative tool, and pasting in a set of commands.

Figure 1: Example of a fake Windows tutorial video used to deliver the Vidar infostealer (Image courtesy of ReversingLabs)

Those commands then silently download and execute the Vidar infostealer in the background, with the user none the wiser. The technique closely mirrors what researchers have called ClickFix attacks, where users are socially engineered into running malicious code themselves, bypassing most traditional security defenses.

Vidar’s Evasion Tricks and Security Risks

Once Vidar is on a device, it does not just steal data and leave. Research into similar TikTok-based attack chains shows that the malicious scripts commonly add exclusions to Windows Defender, effectively blinding the built-in security tool to future threats. This means even after the initial infection is cleaned up, the device can remain exposed to follow-on attacks.

The stolen information represents a serious risk beyond just one account or one platform. Browser cookies can be used to hijack active sessions without needing a password, and cryptocurrency wallet data can lead to direct financial loss. Two-factor authentication data in the wrong hands can defeat even accounts that appear to be securely protected.

Security experts recommend downloading software only from official vendor websites and treating any “free” or cracked version of a paid product with real skepticism. Users should avoid following instructions on unfamiliar web pages, especially those asking them to run commands or paste code, as many of these pages use countdown timers or fake user counters to push people into acting fast. Checking that downloaded files match what was expected, verifying a file’s digital signature before running it, and keeping a real-time anti-malware solution active are all practical steps that can stop an infostealer before it ever runs.
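
The two host-side checks the article describes, reviewing Windows Defender exclusions after a suspected infection and verifying a download's signature and hash before running it, can be scripted with built-in PowerShell cmdlets. The following is an added example, not code from the article or from ReversingLabs; the function names, the "broad path" pattern and the sample file path are assumptions made for illustration.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session:
# Defender hides its exclusion list from non-administrators.

function Get-DefenderExclusionReport {
    # List every configured Microsoft Defender exclusion so that entries
    # nobody remembers adding stand out.
    $pref  = Get-MpPreference
    $kinds = [ordered]@{
        Path      = $pref.ExclusionPath
        Extension = $pref.ExclusionExtension
        Process   = $pref.ExclusionProcess
    }
    # Assumed heuristic: a whole drive or a user-writable folder is a broad
    # exclusion. Tune this pattern for your environment.
    $broad = '^[a-z]:\\?$|\\(Temp|AppData|Downloads|ProgramData)(\\|$)'
    foreach ($kind in $kinds.Keys) {
        foreach ($value in @($kinds[$kind])) {
            if (-not $value) { continue }
            [pscustomobject]@{
                Kind   = $kind
                Value  = $value
                # Extension and process exclusions are always worth a look.
                Review = ($kind -ne 'Path') -or ($value -match $broad)
            }
        }
    }
}

function Test-DownloadedFile {
    # Report the Authenticode status and SHA-256 of a file before it is run.
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedSha256   # hash published by the vendor, if available
    )
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path        = $Path
        Signature   = $sig.Status                     # only 'Valid' passes
        Signer      = $sig.SignerCertificate.Subject  # empty when unsigned
        Sha256      = $hash
        HashMatches = if ($ExpectedSha256) { $hash -eq $ExpectedSha256.Trim() } else { $null }
    }
}

Get-DefenderExclusionReport | Format-Table -AutoSize
# Constructed placeholder path; point it at the file you actually downloaded.
# Test-DownloadedFile -Path "$env:USERPROFILE\Downloads\setup.exe"
```

A valid signature only shows who signed the file, so the Signer field should also be compared against the vendor you expected.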