- Cybercriminals have been sending messages on TikTok that open malware
TikTok has confirmed a cyberattack targeting brands and celebrities, including Paris Hilton and CNN.
Hackers have been sending direct messages (DMs) to high-profile users in an attempt to install malicious software (“malware”) on their devices.
According to experts, this malware grants the cybercriminal remote access to the victim’s TikTok account.
In a statement, TikTok, owned by Chinese company ByteDance, confirmed the hack and described the threat as a “potential exploit.”
“We have been working closely with CNN to restore access to the account and implement enhanced security measures to safeguard your account in the future,” it said.
It’s one of the most popular social media apps of all time, but TikTok has been the target of a cyberattack targeting people via direct messages (DM).
“We are dedicated to maintaining the integrity of the platform and will continue to monitor any inauthentic activity.”
A TikTok spokesperson said Paris Hilton’s account was attacked but not compromised, according to the BBC.
Jake Moore, a technology expert and security advisor at ESET, said this is a type of “no-click attack,” where the TikTok user doesn’t even have to click on any link in the message to be affected.
Instead, simply opening the dubious message deploys the malware.
“The malware would have granted access to the attacker, making it a previously unknown software vulnerability,” Moore told MailOnline.
It’s unclear what the user would have seen when clicking on the offending DM, but it could have been a photo, a video clip, or even just a code.
The goal would have been to gain control of the account and then publish content, although it is not clear whether this was achieved; Paris Hilton’s account does not appear to be affected.
Although it primarily targeted high-profile users such as Paris Hilton and CNN, lesser-known accounts and members of the public may have also been targeted.
“Some users would have opened it unfortunately and innocently,” Moore added.
“I imagine the attackers would have tested it on high-profile accounts first to get widespread prevalence.”
All TikTok users should be wary of unusual messages on the platform, the cyber expert added.
“Occasionally an extremely impressive attack will be designed where little or no interaction is required from the victim for the malware to be deployed to the account,” Moore said.
“Without warning and simply opening this red message in TikTok direct messages, it could take over the account, making it very challenging, even for the smartest users.
“Users should remain alert to unsolicited messages on the platform and treat opening messages with caution.”
TikTok is currently facing a ban in the US unless it is sold by its Chinese owners, although this has not stopped Donald Trump from recently joining the app despite previously wanting to ban it.
There has been concern among American politicians that the Chinese government could use the app to track Americans, censor content and promote Chinese narratives.
The app has already been banned on all devices owned and managed by the US House of Representatives.
Lawmakers and their staff received an email ordering them to remove the app because it is considered “high risk due to a number of security issues.”