Urgent Windows Warning: New Scam Targets Office and Spotify Users
Urgent Windows Warning: New Scam Targets Office Users

An urgent alert has been issued to millions of Windows users after the discovery of a new scam that offers Office and Spotify for free.

Anyone with a Windows-powered PC needs to stay alert and watch out for a worrying new scam. This latest attack is seeing hackers shift direction and move away from fake emails and texts, which are often now captured by highly efficient spam detection software. Instead of trying to get users to click on links in messages, cyber crooks are now using social media platforms, such as TikTok, to spread data-stealing bugs.

How the Scam Works

Short videos are being posted online which claim that Windows users can get access to software such as Microsoft Office and Spotify Premium for free. Viewers are then guided through step-by-step instructions that include opening Powershell, a legitimate Windows admin tool, and pasting in commands.

Wide Pickt banner — collaborative shopping lists app for Telegram, phone mockup with grocery list

Security researchers at ReversingLabs say they have uncovered two active campaigns that use these short videos to trick users. Those fooled could find that dangerous PowerShell commands are run, or they are taken to malicious download sites, which then install nasty malware called Vidar. This is an infostealer designed to pinch sensitive information from infected devices.

Expert Warnings

Speaking about this latest type of attack, the security experts at Malwarebytes said: "We’ve already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they’re being lured with slick social media videos that promise free Spotify Premium, free Windows activation, or free Microsoft Office, but instead leave people with infostealers on their Windows devices."

Protection Advice

In a bid to help users stay protected, Malwarebytes has issued some important advice:

Pickt after-article banner — collaborative shopping lists app with family illustration
  • Only download software from official vendor websites.
  • Never instantly trust a site that asks you to run commands on your device or copy and paste code.
  • Many ClickFix pages also use countdowns, fake user counters, or other pressure tactics to make you act quickly so be wary if anything like that pops up on the screen.
  • Check that the downloaded files match what you expected to download.