Vidar infostealer delivered through TikTok and Instagram Reels

Malware Activity
Happening score
H score 27
1 unique source, 1 article

Summary

Threat actors are using TikTok and Instagram Reels to deliver Vidar infostealer through fake free-software tutorials, putting viewers at risk of credential, financial-data, and token theft. One delivery path used an AI-voiced PowerShell lure that fetched the malware from msget[.]run. A second path used comments and direct messages to steer users to d4ug[.]site, although its final payload was not confirmed.

Related Happenings

TikTok and Instagram Reels Vidar social-engineering campaign

Campaign
H score 37 · First: 10.06.2026 19:00 · Last: 10.06.2026 19:00 · Sources: 1

How related: Threat actors have been using short-form videos on TikTok and Instagram Reels to push the Vidar infostealer, disguising the attacks as tutorials for unlocking premium software for free.

About this happening: A **TikTok** and **Instagram Reels** campaign is using fake free-software tutorials to push **Vidar**, turning social feeds into a high-reach malware delivery channel. The operati...

Vidar infostealer market rise and distribution expansion

Malware Activity
H score 33 · First: 28.04.2026 22:07 · Last: 28.04.2026 22:07 · Sources: 1

About this happening: **Vidar** remains a long-running **infostealer** threat, and **Aryaka** reported a fresh campaign in **recent weeks** that adds **new obfuscation techniques** and stronger **steal...

Pkr_mtsi Windows loader delivers multiple payloads

Malware Activity
H score 32 · First: 07.01.2026 18:45 · Last: 07.01.2026 18:45 · Sources: 1

About this happening: **pkr_mtsi** is a **Windows loader** now being used to push **trojanized installers** through **malvertising** and **SEO poisoning**, increasing initial-access risk for Windows us...

UAC-0184 targets Ukrainian military and government entities via Viber-delivered malware

Campaign
H score 40 · First: 05.01.2026 19:56 · Last: 05.01.2026 19:56 · Sources: 1

About this happening: **UAC-0184** has shifted to **Viber-delivered malware** to target **Ukrainian military and government entities**, extending an active **2025** espionage operation. The initial lur...

Tomiris multi-language malware modules using Discord and Telegram C2

Malware Activity
H score 16 · First: 01.12.2025 07:07 · Last: 01.12.2025 07:07 · Sources: 1

About this happening: The **Tomiris** malware set is now using **Discord** and **Telegram** as C2, making its post-exploitation traffic harder to spot and letting operators blend in with legitimate ser...

Timeline

  1. 10.06.2026 19:00 2 articles · 1h ago

    Threat actors spread Vidar through fake free-software tutorials on TikTok and Instagram Reels

    Initial Disclosure

    ReversingLabs reported that threat actors used short-form videos on TikTok and Instagram Reels to push the Vidar infostealer, presenting the lures as tutorials for unlocking premium software for free. The campaigns funneled viewers to fake free-software sites for products such as Spotify Premium. One AI-voiced lure told viewers to open PowerShell and paste a command that downloaded Vidar from msget[.]run. A second, less polished campaign used comment bait and direct messages to steer users toward d4ug[.]site; its final payload remained unconfirmed.
