This threat involves two distinct social engineering campaigns on TikTok and Instagram Reels that distribute the Vidar infostealer malware. The first campaign impersonates official Windows accounts with AI-generated voice tutorials that instruct users to execute PowerShell commands downloading Vidar from malicious domains such as msget.run and d4ug.site. The second campaign uses ordinary accounts posting music-backed clips and lures victims through comments to receive malicious links via direct messages. Vidar, sold as a $300 lifetime license malware-as-a-service, harvests sensitive information including credentials, financial data, and authentication tokens. These campaigns leverage platform algorithms by encouraging users to save and share the videos, increasing infection potential.

Successful execution of the described social engineering campaigns results in the installation of the Vidar infostealer on victim systems. This malware harvests credentials, financial information, and authentication tokens, potentially leading to account compromise, financial theft, and further unauthorized access. The campaigns exploit user trust in social media content and the platform recommendation systems to maximize victim exposure.

No official patch or fix applies as this is a social engineering and malware distribution campaign. Users should be educated to avoid running PowerShell commands from untrusted sources and not to click on unsolicited links received via social media direct messages. Organizations should warn users about fake software tutorials on social media platforms and monitor for indicators such as the domains msget.run and d4ug.site. Employing endpoint protection solutions capable of detecting Vidar malware may help reduce impact.