Security experts have warned that TikTok accounts are being used to promote scam apps for download on both the Google Play Store and Apple’s App Store.
An investigation by Avast found multiple TikTok profiles promoting the apps to users across the globe, despite the fact they were scamming victims out of their money.
The company says it has identified seven adware scam apps available on both the iOS and Android app stores, which have collectively been downloaded more than 2.4 million times and have earned the people behind the scam more than $500,000.
TikTok scam apps
Avast found at least three TikTok profiles promoting the apps, one of which has more than 300,000 followers, as well as an Instagram profile that boasted more than 5,000 followers. The company was alerted to the scam after a child reported a TikTok profile promoting what appeared to be a suspicious app to Avast’s Be Safe Online project in the Czech Republic, which educates children on how to stay safe online.
The malicious apps, which all seem to be developed by the same person or group, were:
- ThemeZone – Shawky App Free – Shock My Friends (Android)
- Tap Roulette ++Shock my Friend (Android)
- Ulimate Music Downloader – Free Download Music (Android)
- Shock My Friends – Satuna (iOS)
- 666 Time (iOS)
- ThemeZone – Live Wallpapers (iOS)
- shock my friend tap roulette v (iOS)
The apps all offered basic or unrealistic features, like simple games that claim to shock players, or wallpapers, for around $2 to $10 – a high amount considering games and features like this are often offered for free by other developers – and aggressively delivered ads to users unlucky enough to download them.
Many of the apps were HiddenAds trojans, a type of trojan Avast reported on this summer that disguises itself as a safe and useful application but instead serves intrusive ads outside of the app and hides the original app icon, making it difficult for users to identify where the ads are being served from.
“We thank the young girl who reported the TikTok profile to us, her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place,” says Jakub Vávra, threat analyst at Avast.
“The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed. It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them.”
Avast says it has reported the apps to Apple and Google, and has reported the profiles to TikTok and Instagram.