Person using TikTok on mobile phone showing TikTok profiles promoting scam apps

Scam TikTok Profiles Made $500,000 Pushing Scam Apps to Underage Children on Both Apple and Google App Stores

Avast report found that several popular TikTok profiles profited by pushing scam apps to underage children.  At least three TikTok accounts with over 350,000 followers were implicated. The campaign involved at least seven scam apps distributed on both Google Play Store and Apple App Store. Users had downloaded the rogue apps more than 2.4 million times, earning the fraudsters more than $500,000.

TikTok profiles pushing scam apps

A 12-year old girl from the Czech Republic discovered a suspicious behavior on a popular app trending on TikTok and reported it to Avast. The child was a participant in the Avast’s “Be Safe Online” cybersecurity initiative that teaches the youth how to identify cyber threats.

Researchers at the cybersecurity firm investigated and found at least three TikTok profiles aggressively advertising scam apps to underage children. One of the TikTok profiles had more than 300,000 followers, while an Instagram account had more than 5,000 fans. Following the discovery, Avast researchers reported the scam apps to Google, Apple, Instagram, and TikTok.

Jakub Vávra, a threat analyst at Avast, said that “the apps we discovered are scams and violate both Google’s and Apple’s app policies.” He disclosed that the apps made misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon after installation. Vávra added that the “apps are being promoted on social media platforms popular among younger kids” incapable of spotting the red flags surrounding the apps.

Scam apps promoted by rogue TikTok profiles

Avast researchers found that the malicious apps were developed by the same individual or group, variously known as Abdelsatar Abdalmotaleb, Moteleb Inc., or Go Best.

Android scam apps promoted included ThemeZone – Shawky App Free – Shock My Friends, Tap Roulette ++Shock my Friend, and Ultimate Music Downloader – Free Download Music.

On the iOS platform, the malicious TikTok profiles promoted Shock My Friends – Satuna, 666 Time, ThemeZone – Live Wallpapers, and Shock My Friend Tap Roulette V.

Characteristics of scam apps promoted on TikTok

Avast reported that most of the scam apps promoted by the popular TikTok profiles were HiddenAd trojans. Such apps are disguised as useful software but served intrusive ads outside the app. They also hid app icons to prevent users from finding out the ads’ source or uninstalling them.

The apps claimed to offer cool features that would shock players for about $2 – $10. Others claimed to offer beautiful wallpapers or help users download music, pictures, or video.

However, the features were either too simplistic, freely available, or simply nonexistent. Additionally, the apps had strikingly low ratings, very few reviews, or users complained of them being scams.

Commenting on the TikTok scam apps marketing, Ben Pick, a Senior Application Security Consultant at nVisium, said:

“Using TikTok profiles for promoting scam apps is only the latest vector of abusing popular channels to capture profit from unsuspecting supporters. The best method to not be susceptible is to verify the app being downloaded and not click a link directly from a user’s profile.”

Pick advised users to check for excessive permissions and bad reviews to identify malicious and scam apps before downloading.

Hank Schless, Senior Manager, Security Solutions at Lookout, says that the scam was a social engineering campaign that was less targeted.

“Threat actors could easily use this same strategy to distribute a more invasive form of mobile malware such as spyware,” Schless said.

“When India banned the app, cyber criminals distributed a fake version of the ‘TikTok Pro’ app via social media, SMS, and messaging platforms within a week of the nation banning the real TikTok app,” Schless added. “This was the more targeted form of social engineering that we are used to seeing.”