Recently, malicious code has infiltrated TikTok, compromising the official accounts of celebrities and brands. Notable victims allegedly include CNN, Paris Hilton, and Sony
According to Forbes* the attack spreads via direct messages (DMs) within the TikTok app, without requiring any user interaction beyond opening the message. Although the affected accounts don’t seem to be posting content, the extent of the impact remains uncertain.
If you’re a TikTok user, it’s advisable to exercise caution and avoid opening DMs until TikTok addresses this issue with a repair or patch. TikTok has a support page with guidance on handling hacked accounts, including password resets and two-factor authentication.
Every so often an extremely impressive attack delivery will be designed where little or no interaction from the victim is required for the malware to deploy on the account. Without warning and by simply opening this rouge message within TikTok’s DMs it could take over the account making it very challenging, even for the most savvy of users.
Typically, the most sophisticated zero day attacks at this level can be associated with Nation State actors using very clever and bespoke malware to target a platform and exploit any unknown vulnerabilities – but this is extremely rare.
Although this seems to be contained, users should remain vigilant of unsolicited messages on the platform and treat opening messages with caution.
by Jake Moore, ESET
*ESET does not bear any responsibility for the accuracy of this information.
ESET Ireland 