Scam profiles on TikTok have made a total of $500,000 by pushing scam apps to underage children on the platform. Some of these apps had more than 350,000 followers on their accounts and the scam involved more than 7 malicious apps on the Google Play Store and Apple’s App Store.
These apps were downloaded more than 2.4 million times in total, which raised more than $500,000 for the scammers.
The scam was first spotted by a 12-year-old girl from the Czech Republic, who noticed suspicious activity on a popular app trending on TikTok and reported it to Avast. She was part of Avast’s “Be Safe Online” cybersecurity initiative, which teaches young audiences how to spot suspicious behavior online.
Researchers from Avast investigated the suspicious activity and uncovered the details of the scam. These apps were disguised as useful software but would serve trojan viruses disguised as intrusive ads. They would also hide their app icons to prevent removal. Most of these apps were created by the same group of developers.
Following the discovery, the malicious apps were immediately reported to Google, Instagram, TikTok, and Apple.
Ben Pick, a Senior Application Security Consultant at nVisium, said:
Using TikTok profiles for promoting scam apps is only the latest vector of abusing popular channels to capture profit from unsuspecting supporters. The best method to not be susceptible is to verify the app being downloaded and not click a link directly from a user’s profile.