TikTok and Instagram Reels Vidar social-engineering campaign
Campaign
Summary
A TikTok and Instagram Reels campaign is using fake free-software tutorials to push Vidar, turning social feeds into a high-reach malware delivery channel. The operation used two campaigns to game recommendation systems, with one clip drawing more than 100,000 views and another logging nearly 1700 saves. One path delivered a PowerShell command that fetched Vidar from msget[.]run, while another used comment bait and direct messages to steer viewers toward d4ug[.]site. The activity combines social engineering, platform engagement tricks, and lure-based download chains to drive installation attempts at scale.
Related Happenings
Vidar infostealer delivered through TikTok and Instagram Reels
Malware Activity
H score: 27
First: 10.06.2026 19:00
Last: 10.06.2026 19:00
Sources 1
How related:
Vidar is a long-running infostealer sold as a service for a $300 lifetime license, harvesting credentials, financial data and authentication tokens.
About this happening:
Threat actors are using **TikTok** and **Instagram Reels** to deliver **Vidar infostealer** through fake free-software tutorials, putting viewers at risk of **credential**, **fina...
DriveSurge large-scale website-hijack malware distribution campaign
Campaign
H score: 41
First: 02.06.2026 01:14
Last: 02.06.2026 01:14
Sources 1
About this happening:
The **DriveSurge** campaign is redirecting visitors from **thousands of compromised websites** to **malware-delivery infrastructure**, creating a broad infection path through **Cl...
GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy
Malware Activity
H score: 41
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GREYVIBE** is a **Russian-speaking** malware activity targeting **Ukraine and Ukraine-related entities** since at least **August 2025**. The group uses **spear-phishing e-mails*...
TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria
Campaign
H score: 38
First: 11.05.2026 18:15
Last: 11.05.2026 18:15
Sources 1
About this happening:
The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
H score: 38
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
Timeline
- 10.06.2026 19:00 · 2 articles
TikTok and Instagram Reels campaigns deliver Vidar through fake free-software tutorials
Initial Disclosure: ReversingLabs described TikTok and Instagram Reels campaigns that used fake free-software tutorials to steer viewers into Vidar delivery chains. One set of near-identical accounts used an AI-voiced PowerShell lure that fetched Vidar from msget[.]run and impersonated a Windows profile, while another used music-backed clips, comment bait, and direct messages to point viewers toward sites such as d4ug[.]site.
- Fake Software Tutorials on TikTok Spread Vidar Stealer — www.infosecurity-magazine.com — 10.06.2026 19:00