The Real Cost of Chasing Freebies Online, Users Tricked Into Installing Malware

Deceptive TikTok videos has surged across the platform, each promising a shortcut to unlock premium features for apps like Spotify, Microsoft Windows, and Office365. These slick, ten-second clips, viewed millions of times, instruct users to enter a simple command into Windows’ PowerShell tool. The pitch? Instant access to paid subscriptions for free. The reality? A malicious trap that installs malware to plunder personal data, documents, cryptocurrency, social media credentials directly from victims’ computers.

Junestherry Dela Cruz, a cybersecurity researcher at Trend Micro, uncovered this scheme and shared a stark warning with Forbes: traditional antivirus tools often fail to detect this threat. Unlike typical attacks delivered through email attachments or software vulnerabilities, this malware relies on users voluntarily running the malicious code, lured by the promise of free upgrades. “There is no malicious code present on the platform for security solutions to analyse or block,” Trend Micro noted in its report. “All actionable content is delivered visually and aurally.”

The sophistication of these videos raises unsettling questions. Why do they share eerily similar artificial voices, near-identical visuals, and synchronised camera angles? Dela Cruz suspects artificial intelligence plays a role in making these convincing fakes, amplifying their reach and impact. Could AI be enabling cybercriminals to scale deception with unprecedented precision?

TikTok acted swiftly, removing accounts flagged by researchers as malicious, though the company offered no further comment to Forbes. Yet the scale of the scam’s reach is undeniable. One video, boasting an instant boost to Spotify’s premium features, racked up over 500,000 views. Two accounts alone, with just 11 videos between them, neared 1 million views combined. How many viewers took the bait?

The comments on a video promising Windows pro features, viewed over 550,000 times, reveal the fallout. One user asked, “Is this safe?” The responses told a different story: “All my accounts were hacked because of these videos,” one victim wrote. Another reported, “My hard drive was wiped after running the code.” These accounts expose the real cost of chasing freebies online.

What drives people to trust these too-good-to-be-true offers? And how can platforms like TikTok stay ahead of AI-powered scams that blend seamlessly with legitimate content?