Threat actors are exploiting TikTok and Instagram Reels to distribute the Vidar infostealer through fake software tutorial videos. ReversingLabs identified two campaigns leveraging social media algorithms to attract large audiences by promoting fraudulent free software like Spotify Premium. The first campaign used accounts mimicking official profiles, where users were guided to run scripts that downloaded Vidar.
The second campaign involved less sophisticated tactics, with ordinary accounts enticing users to engage in comments to receive instructions directing them to sites with surveys. To mitigate risks, organizations are advised to audit software installation privileges, enhance phishing training, and encourage reporting of suspicious posts.