Ever since TikTok was banned in India, along with other Chinese apps, several urls are being circulated that promise users a way to run the app in the country. However, all of these links are fake and aim to steal user data as well as information.  

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

Kaspersky researchers have recently found that cybercriminals are sending users links to download malicious app to their phones. A seemingly genuine message is sent by a known contact to targets informing them about an alternative app with a download link available in place of TikTok. 

WATCH Asus ROG Phone 3 first look

Named as “TikTok Pro”, once installed on a user’s device, the app asks for permission to read contacts and send SMS. Then the user is asked to enter their TikTok credentials and click on the advertisement or install an advertised application – one of the ways cybercriminals earn money from app distribution.  

The malware steals the affected users’ information and sends text with the malicious link to all numbers in the affected users’ contact book. Fortunately, the current malware modification does not steal users’ account credentials.  

“This activity shows that cybercriminals are increasingly getting intelligent and are constantly evolving according to the current landscape – they are quick to adapt and do not restrain from using ‘hot’ topics – to make themselves relevant”, noted Igor Golovin, malware analyst at Kaspersky. 

How to protect yourself?

·Always download applications from the official app store. 

·Read through the list of app permissions to ensure you are aware of what information and functions the app can access on your device, which can be crucial to identify if an app is fake or not 

·Use a trusted cybersecurity solution like Kaspersky Internet Security for Android to secure your device  

"Cybercriminals understood that Tik Tok as one of the most popular apps amongst Indian consumers to date, could also be a good bait to attack the users. We urge users to follow basic cyber hygiene while online. If a user has received a link from their known contact, there is no harm in rechecking with their friend about the same or checking for its authenticity through other reliable sources. It is always better to be a little more suspicious online rather than being a victim to a cybercriminal activity", Dipesh Kaura, General Manager for South Asia, Kaspersky added.