Malicious files hidden in counterfeit ‘TikTok Pro’ applications

Indian police have warned against downloading malware-spreading fake TikTok apps

Indian police are warning citizens against downloading a fake TikTok app that disguises malware as the nationally outlawed video sharing platform.

Links to a fake ‘TikTok Pro’ app are being shared on social media, which download malicious files when clicked, Maharashtra Cyber Police said on Twitter.

Similarly fraudulent messages are also being spread on WhatsApp, local media has reported.

It comes after the Indian government banned the use of TikTok, a video sharing app popular with young people, over unspecified national security concerns.

Police warn that “miscreants” are spreading malware under the guise of an app called ‘TikTok Pro’, which advertises itself as an alternative to the social media platform.

Once downloaded and installed, the fake application asks for permission to access the user’s camera, images and microphone, before stealing sensitive information from the device.

“Users should never download and APK files that mimic services of TikTok or any other popular apps banned by the government as these can be sources of spreading malware,” an advisory reads.

“If you do come across such kind of a message through any social media platform, delete it and strictly do not forward to others.

“This fake app isn’t available on the Google Play app store and hence people are also not advised to download it from any external sources.”

Read more of the latest cybersecurity news from India

TikTok is one of 59 Chinese apps banned in India, after claims that the apps secretly collect information from devices and pass this on to the Chinese government.

India claims that use of these apps threaten the country’s national security.

The makers of TikTok hit back against these claims, denying that it operates in China and is therefore not subject to Chinese law.

Christoph Hebeisen, director of security intelligence at Lookout, told The Daily Swig: “When legitimate, popular channels to acquire a popular app are blocked for whatever reason, it presents an opportunity for malicious actors to lure victims by promising a way around the restriction. 

“We have seen similar attempts to entice users to install malware in connection with the distribution of Fortnite for Android outside of Google Play as well as the geographically staggered release of Pokémon Go. The removal of the TikTok app from both Google Play and the Apple App Store in India has created a similar situation. 

“Users should limit their risk by only installing apps from the official app stores and using mobile security as an added layer of protection.”

READ MORE WeTransfer banned in India over supposed national security concerns