Cybercriminals are using TikTok and Instagram Reels to push Vidar, an information-stealing malware, through videos that promise free access to paid software like Spotify Premium. As reported by Help Net Security, security firm ReversingLabs found accounts posing as Windows “tech tips” pages that tell viewers to open PowerShell and run a command which supposedly unlocks the software. The command quietly installs Vidar instead. One video racked up more than 100,000 views.
This matters because the entry point is your people, not your servers. Vidar harvests saved passwords, browser cookies and authentication tokens — and stolen session cookies can walk an attacker straight past multi-factor authentication until those sessions are revoked. Once logins are taken, business email compromise and ransomware often follow within a fortnight. The lure works on personal phones and home laptops that also sign in to your Microsoft 365, so a “harmless” weekend download can hand over work credentials.
Give your team one clear message this week: never paste a command into PowerShell or Terminal because a video told you to — that is the entire trick. Keep work logins in a password manager rather than the browser, switch on MFA everywhere, and make sure someone can revoke active sessions quickly if a device is compromised. On managed devices, block app installs and script execution for standard users. If you are not sure those controls are in place, ask your IT provider.
Our security awareness training runs phishing and social-engineering simulations so staff learn to spot exactly this kind of trick, and our managed cybersecurity limits what untrusted scripts can do on your devices.
