The Chinese app TikTok was recently banned in India, and malware posing as "TikTok Pro" is now being shared in WhatsApp groups. The malware is built to steal information from a victim's phone. Taking advantage of people who still want to use TikTok, the scammers are spreading malware links through WhatsApp. In a recent development, the Indian government banned 59 Chinese apps, TikTok among them, citing security reasons in light of the border tensions between China and India.
Apart from TikTok, the other Chinese apps that got banned include ShareIt, Club Factory, Shein, UC Browser, Baidu Maps, Clash of Kings, and DU Battery Saver. An advisory was issued warning Indian users about the malware, which is capable of stealing sensitive information from their phones.
After the ban of TikTok, many other alternatives were developed in India, building their user base. Instagram launched Reels in the country as an alternative to TikTok, filling the void left after the app was removed. The Maharashtra Cyber Cell warned citizens of the new TikTok scam on their Twitter account. The scammers are calling the TikTok Pro app an alternative to the banned TikTok. The attackers send text messages through other social media platforms, attempting to get users to download their app via external links. The message contains the following:
"Enjoy TikTok videos and also make creative videos again. New TikTok is only available in (TikTok Pro) so Download from below: link"
The Maharashtra government advised citizens to avoid clicking on the link or downloading any APK files of the banned apps, as these may be used to deliver malware.
What Steps Can Users Take to Avoid Fake Apps?
Besides not clicking on unverified links or downloading any APK files of banned apps, users have been advised to delete messages like the one sent by the scammers. Forwarding such messages to other users should also be avoided, as that may spread the infection. Users were also advised to ensure the links they click on start with HTTPS and to download apps from trusted platforms such as the Google Play Store.
Indian smartphone users may not be aware of potential malware attacks and cybersecurity issues. It may be hard for them to spot a fake app if they're not looking for one. The easiest way to ascertain whether an app is legitimate is to check its availability on the Google Play Store or the App Store for iOS. If official sources didn't approve the app, it's best to avoid downloading it.
Users should also avoid clicking on shortened URLs in messages sent on social media, especially if the link's source cannot be verified before opening. If there are any doubts about the origin of the software, visiting the official website should give users a legitimate copy of the software.