iOS
Android
Malware
Threat Guidances
June 12, 2020

Tiktok Pro

Lookout and Recommendation for Admins

Lookout warns end users about app risks, including sideloads, on iOS and Android devices as they happen. The Lookout client takes immediate action when it detects an app on the device that doesn’t originate from an official app store or an enterprise’s own EMM solution. Lookout responds according to the organization’s policy by either alerting the user or alerting the user and blocking internet access. This ensures that no corporate data is at risk while the app is on the device. Lookout detects side-loaded apps on both iOS and Android devices, protecting devices in a consistent way independent of the mobile platform.

Overview

In June 2020, TikTok was banned from the iOS and Google Play stores in India due to activities “prejudicial to the sovereignty and integrity of India.” Just a week later in July, the US Secretary of State announced that the United States was looking into a similar ban over security concerns of the app and the activities of its parent company ByteDance.

Within a week of India banning TikTok, malicious actors started taking advantage of the ban to deliver malware to victims. Maharashtra Cyber, which is a Nodal office under the Government of Maharashtra for Cyber Crime investigation, tweeted out a warning of a fake TikTok Pro app being distributed via SMS, social media, and messaging platforms.

Lookout Analysis

Lookout conducted an in-depth analysis of the fake TikTok Pro app and has classified it as toll fraud malware. Toll fraud is an old but effective way for malicious actors to deliver a cheaply built app (ex: TikTok Pro’s file is only 2.2MB versus TikTok, which is 55.2MB on Android) in order to leverage the victim’s phone for financial gain.

Lookout found that the malicious app requests very similar permissions as the real TikTok app such as the location, device sensor data, and contacts. The device user installs this app by sideloading it, which means it’s installed from a 3rd-party app store. While sideloaded apps are not always intended to be malicious, they can be laced with malware and introduce threats to the user’s personal or corporate data accessed from the device. Once TikTok Pro is sideloaded onto the device, it cannot be opened on the device and acts as toll fraud malware that sends premium text messages to Indian phone numbers without the end-user’s knowledge.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Platform(s) Affected
iOS
Platform(s) Affected
Android
Threat Type
Malware
Entry Type
Threat Guidances
Platform(s) Affected
iOS
Android
Malware
Threat Guidances

Related Content

Four Chrome Zero Days

Google recently disclosed eight new mobile vulnerabilities in Chrome including four zero-days

Read Threat Article

BancaMarStealer

A customizable Malware-as-a-Service banking trojan delivered through any app with messaging capabilities.

Read Threat Article

Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy

Researchers at the Lookout Threat Lab have discovered a new Android surveillance tied to the Law Enforcement Command of the Islamic Republic of Iran (FARAJA).

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell