With countries across the globe mulling ban on TikTok, a popular social media app, cyber fraudsters are using this opportunity to spread fake TikTok apps to infect and scam more victims. Recently, SonicWall Capture Labs Threat Research team identified one such fake TikTok app that tries to steal victims’ credentials from their TikTok account by showing a fake login page.
On further investigation of the domain, similar links as found under Tik Tok Beta directory are present for directories of Facebook and Instagram as well. The domain and page are similar indicating that authors behind this malware have multiple popular target apps in mind.
Debasish Mukherjee, VP, Regional Sales – APAC at SonicWall, says, “We are noticing a spike in the number of phishing attacks through malicious links and apps that hack devices and steal data of users. And fake Tik Tok app is the latest to join this bandwagon. Cybercriminals are working overtime to impact people’s lives. Though banned in India, Tik Tok which has mass appeal does compromise data of millions of users with this kind of attack. Individuals are advised to be extremely vigilant against such unwarranted attacks.”
Those with a keen sense of observation will easily spot the phishing page but as evident from one of the pages obtained on the server, few people were duped into entering their legitimate credentials.
This is how it works:
Upon installation and execution, we see a custom TikTok login page:
The fonts, colors and overall appearance of the login screen raises suspicion of a phishing/fake page.
On entering the credentials, a 404 Page Not Found error is shown which further raises suspicion as popular apps handle such error conditions in a more professional and elegant way
If a victim has reached this far, his account is already compromised as the entered credentials are sent to the attacker’s server account-[redacted].000webhostapp.com
Debasish further emphasized that, “The new business norm is compelling organisations to relook at cybersecurity due to increasing number of remote users and distributed networks. To ensure cybersecurity administration is easier and more accessible, SonicWall recently announced new zero touch-enabled, multi-gigabit SonicWall TZ firewalls with SD-Branch capabilities, along with a redesigned cloud-native management console that helps streamline operations through fresh and modern user interfaces.”
Phishing pages have become a very common medium in stealing sensitive user information, especially during the lockdown. Thus, one of the best ways to protect yourself against such threats is to install apps only from the Google Play Store and follow proper security practices.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]