According to researchers, some prominent TikTokers earned up to $500,000 by promoting adware apps.
Usually, when we encounter users installing malicious apps, our general advice is to stick with popular apps backed by solid reviews. However, there are cases where the popular actors are the guilty ones, whether they are apps or users.
Such a case was reported today by researchers at Avast, who found that at least 3 TikTok profiles with followers exceeding 350,000 were promoting shady applications, taking home a net $500,000 in the process.
The applications ran ads intrusively, sometimes even when the app was closed, charged users exorbitant prices for simple services such as access to wallpapers, and used subscription fees ranging from $2-10 to ensure regular and timely theft.
The popular profiles discovered include a TikTok user with 300K+ followers as well as an Instagram user with a mere 5000 followers.
The incident was brought to the attention of the authorities by a 12-year-old Czech girl who found one of the promoted apps suspicious. As a participant in Avast’s Be Safe Online Project, she reported it to Avast, which investigated and eventually uncovered the entire ordeal.
The following apps, which can be found in both the Google Play Store and Apple’s App Store, have over 2.4 million downloads collectively:
- Shock My Friends – Satuna: App Store
- 666 Time: App Store
- ThemeZone – Live Wallpapers: App Store
- shock my friend tap roulette v: App Store
- Ultimate Music Downloader – Free Download Music: Google Play
- Tap Roulette ++Shock my Friend: Google Play
- ThemeZone – Shawky App Free – Shock My Friends: Google Play
According to Avast’s blog post, both these apps and the accounts promoting them have been reported to the respective platforms.
“The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities or serving ads outside of the app and hiding the original app icon soon after the app is installed,” Jakub Vávra, threat analyst at Avast, says. “It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them.”
To conclude, although numbers are apparently not a good measure of which apps are worth trusting, quality reviews always are. Users who want to avoid becoming victims should therefore check how authentic the reviews look.
Secondly, once you’ve downloaded an app, make sure you do not grant it excessive permissions, as they can be misused. A point of concern, though, will always be that children can be targeted, as they were in this specific campaign, and they may not be able to make educated choices. For this reason, it is vital that parents keep a check on the quality of apps their children download.
Moreover, as this 12-year-old was able to identify something malicious due to her cybersecurity training, parents may also consider the education route for their children, which always pays in the long run.