The Maharashtra Cyber Police warned citizens not to click on TikTok links as they may contain malware aimed at capturing user data. An official told PTI that the department had found that fraudsters were creating fake TikTok Pro links to snare people who want to download the video-sharing app that is now banned in the country along with several other Chinese apps. He said online fraudsters were sending links through WhatsApp and text messages to trap gullible netizens.
When legitimate, popular channels to acquire a popular app are blocked for whatever reason, it presents an opportunity for malicious actors to lure victims by promising a way around the restriction. We have seen similar attempts to entice users to install malware in connection with the distribution of Fortnite for Android outside of Google Play as well as the geographically staggered release of PokemonGo. The removal of the TikTok app from both Google Play and the Apple App Store in India has created a similar situation. Users should limit their risk by only installing apps from the official app stores and using mobile security as an added layer of protection.
Phishing attacks like the fake TikTok link incidents in Maharashtra will continue to prove to be fruitful for the bad guys until users are educated on the risks of clicking links in text messages, WhatsApp messages, and emails.
When users are looking to download apps like TikTok, they will find that legitimate sources of the apps will not ask for personal or financial information before allowing them to download a free app. As for myself, I would also be concerned as to what TikTok does with my data after I install the app, as it has been found to spy on the clipboard on iOS devices.
This is a variation of a very common attack in which attackers lure victims into clicking on links that seem legitimate, but in fact lead to phishing pages or malware downloads. Because TikTok is popular, many people will click on links without a second thought. Remember: never click on links in unsolicited messages.