Over the past couple of days, a new malware scam has come to light that claims TikTok is back in operation as TikTok Pro. Cashing in on the Indian government's recent ban on 59 Chinese apps, scammers are reportedly spreading a download link for an app called TikTok Pro via WhatsApp and SMS messages. According to reports on the matter, the TikTok Pro link downloads malware to user devices, which then works in the background to steal user data.
A PTI report says that Maharashtra cyber cell officials have alerted users to this fake app, which is being used to spread a spyware-like file to a host of smartphones. While not a lot appears to be known about what TikTok Pro does, users on Twitter reported that the app seemed to be completely non-functional. Furthermore, users who downloaded TikTok Pro reported on Twitter that the app requested permission to use the phone's camera and microphone, but did not have any feature that makes use of these permissions. All the indications appear to suggest a well-known technique of brute force scams, which are the least refined and most common form of cyber crime.
Dear sir @hydcitypolice @CYBTRAFFIC @cpcybd Some of my friends got some notifications from online about tiktok pro app, in that there is a URL link; once we click on that URL, that message has been automatically forwarded to all of our phone contacts. Kindly find the attachments. pic.twitter.com/nsrNh9tuOs — Purushotham gowd (@GowdPurushotham) July 4, 2020
The perpetrators behind TikTok Pro also appear to have deliberately avoided distributing this app through the Google Play Store, and have been sending the APK file from a third-party download source, something that is often an indication that the app may not be trustworthy. Users who downloaded the TikTok Pro app on their phones also complained that it forwarded a message with the APK download link to all their phone contacts the moment the app was opened, which further suggests that TikTok Pro is most likely malware designed to install a RAT agent or even spyware on people's phones.
Alongside the Maharashtra cyber cell, the Telangana Police have also highlighted this message on Twitter and warned users against clicking on any such link. As a general good practice, users are recommended to NOT click on any unverified link, even if it is sent by a person on their contact list. Such links often contain malware that downloads to devices in the background and works quietly to steal personal, sensitive information such as login credentials, credit card details and contacts, or even gains elevated privileges to read all content on the screen and relay the information to remote servers hosted in disguised locations.
Malware such as TikTok Pro is very common in today's cyber space, which is what makes it crucial for all users to proceed with caution when it comes to unverified spam messages such as the ones shown above. As for TikTok Pro, the only solution that users have is to not download the app from the link at all, and more details should be revealed once cyber security researchers dig deeper into the matter.