IT security Zscaler discovered the threat, with spyware being spread via a bogus TikTok Pro app.The malware has a vicious skillset at its disposal,
IT security Zscaler discovered the threat, with spyware being spread via a bogus TikTok Pro app.
The malware has a vicious skillset at its disposal, able to capture photos, make calls, read private SMS messages and send new ones, launch apps as well as steal a victim’s Facebook credentials. The TikTok Pro is being spread via threat actors on WhatsApp and in SMS messages, urging them to download it.
Speaking about the threat, Zscaler senior security researcher Shivang Desai in a report online said: “When popular applications come under fire and are featured prominently in the news, hackers get excited as these newsworthy apps can become their latest target. And TikTok is no exception.
“Generally, after an application gets banned from an official app store, such as Google Play, users try to find alternative ways to download the app. In doing so, users can become victims to malicious apps portraying themselves as the original app. Recently there was a huge wave of SMS messages, as well as WhatsApp messages, making the rounds asking users to download the latest version of TikTok. In reality, this downloaded app is a fake app that asks for credentials and Android permissions (including camera and phone permissions), resulting in the user being bombarded with advertisements.”