Security specialists have warned that TikTok accounts are getting used to advertise rip-off apps for obtain on each the Google Play Store and Apple’s App Store.
An investigation by Avast discovered a number of TikTok profiles selling the apps to customers throughout the globe, regardless of the very fact they had been scamming victims out of their cash.
The firm says it has recognized seven adware rip-off apps out there on each the iOS and Android app shops, which have collectively been downloaded greater than 2.four million instances and have earned the individuals behind the rip-off greater than $500,000.
TikTok rip-off apps
Avast discovered at the least three TikTok profiles selling the apps, one among which has greater than 300,000 followers, in addition to an Instagram profile that boasted greater than 5,000 followers. The firm was alerted to the rip-off after a baby reported a TikTok profile selling what seemed to be a suspicious app to Avast’s Be Safe Online mission within the Czech Republic, which educates youngsters on tips on how to keep secure on-line.
The malicious apps, which all appear to be developed by the identical particular person or group had been:
- ThemeZone – Shawky App Free – Shock My Friends (Android)
- Tap Roulette ++Shock my Friend (Android)
- Ulimate Music Downloader – Free Download Music (Android)
- Shock My Friends – Satuna (iOS)
- 666 Time (iOS)
- ThemeZone – Live Wallpapers (iOS)
- shock my good friend faucet roulette v (iOS)
The apps all provided primary or unrealistic options, like easy video games that declare to shock gamers, or wallpapers for round between $2-10 – a excessive quantity contemplating video games and options like this are sometimes provided free of charge by different builders – in addition to aggressively delivering adverts to customers unfortunate sufficient to obtain.
Many of the apps had been HiddenAds trojans, a kind of trojan Avast reported on this summer time that disguises itself as a secure and helpful software however as an alternative serves intrusive adverts exterior of the app, and hides the unique app icon making it troublesome for customers to establish the place the adverts are being served from.
“We thank the young girl who reported the TikTok profile to us, her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place,” says Jakub Vávra, menace analyst at Avast.
“The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed. It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them.”
Avast says it has reported the apps to Apple and Google, and has reported the profiles to TikTok and Instagram.