Cybercriminals are exploiting TikTok’s reach with fake tech “fixes” that install info-stealing malware instead of free software.

Viral trap masquerading as a free fix

A new scam spreading across TikTok is luring users with promises of free access to expensive programs, such as Adobe Photoshop or Microsoft Windows. However, instead of unlocking software, it unlocks your personal data for hackers.

The attack, identified by cybersecurity researcher Xavier Mertens and detailed by the SANS Institute, uses a method called ClickFix, a social engineering tactic that convinces victims to compromise their own systems.

In the videos, scammers demonstrate what appears to be a simple technical trick: running a short command in PowerShell to activate software or “fix” an error. Thousands of viewers watch the videos, and many follow the steps, unaware that they’re executing malicious code. Once run, the script silently downloads and installs AuroStealer, a Trojan that harvests passwords, browser data, and other sensitive information.

How ClickFix works and why it’s so dangerous

ClickFix attacks differ from traditional phishing. Instead of tricking you into clicking malicious links, they guide you through the process of infecting your own device. Instructions are designed to seem trustworthy and technical, often framed as helpful “life hacks” or license bypasses.

Because these steps occur on your local system, many security tools and browsers can’t easily detect them. Malware delivered through ClickFix campaigns can include data stealers, remote access trojans (RATs), ransomware, or even self-replicating worms. Microsoft’s latest Digital Defense Report found that since 2024, ClickFix has been used in nearly half of all recorded cyberattacks, surpassing phishing in popularity among cybercriminals.

Why TikTok became the perfect delivery system

TikTok’s short, fast-paced video format makes it an ideal environment for spreading this kind of scam. The app’s algorithm promotes “how-to” and “tech tips” content widely, giving scammers free reach without needing to manage websites or email campaigns. Some clips even use AI-generated narrators or fake tech influencers to add legitimacy.

Researchers have observed similar scams since early 2024, with fake “Spotify improvement” or “Windows repair” tutorials secretly deploying malware. These videos often rack up hundreds of likes before platforms remove them, and new ones appear almost immediately afterward.

Think before you paste and run

Avoid running any command you find in a social media post, regardless of how convincing the tutorial appears to be. If you’re not sure what a command does, don’t execute it. Software licenses and genuine fixes should only come from official vendors or verified support channels.

Regularly update your antivirus software and consider enabling PowerShell logging if you’re a Windows user, which can help detect suspicious commands. Finally, share this knowledge with others: scams like ClickFix rely on curiosity and trust, and awareness is one of the best defenses.

Stay safe with specialized tools

Don’t wait until a TikTok “free software” hack catches you off guard. Bitdefender Scamio, our AI-powered scam detector, helps you verify suspicious links, messages and media content before you fall victim. Simply paste or describe any suspicious content, and Scamio instantly analyzes it for red flags, keeping you one step ahead of cybercriminals.

For complete protection, upgrade to Bitdefender Ultimate Security. It shields your devices from malware, phishing, data theft, and advanced cyberthreats while also securing your privacy and identity across platforms. From real-time protection to password management and VPN coverage, it’s your all-in-one defense against evolving online scams.

FAQ: ClickFix scams and online protection

What should I do if I’ve already run a suspicious command from TikTok?

Immediately disconnect your device from the internet and perform a full system scan with a trusted security suite such as Bitdefender Ultimate Security. Change your passwords afterward, especially for financial or email accounts.

How can I tell if a tutorial video is fake or risky?

Be skeptical of any video that promises free access to paid software or requires you to paste code into PowerShell or Command Prompt. Legitimate tech fixes rarely, if ever, involve these steps from unofficial sources.

Is TikTok doing anything to stop ClickFix scams?

TikTok sometimes removes malicious content once it’s reported, but new videos appear frequently. Using tools like Bitdefender Scamio helps you verify and reports threats faster.

How can Bitdefender help protect me from ClickFix attacks?

Bitdefender Ultimate Security’s advanced threat detection stops malicious scripts before they execute, blocks unsafe downloads and monitors suspicious system behavior in real time, ensuring that even if you click or copy the wrong command, your system stays protected.