Hackers send direct messages (DMs) to famous users in an attempt to install malware on their devices
TikTok has confirmed it suffered a cyberattack involving popular brands and celebrities, including Paris Hilton and CNN.
Hackers send direct messages (DMs) to famous users in an attempt to install malware on their device. This malware gives the hacker remote access to the “victim” user’s TikTok account, according to experts.
In a statement, TikTok, which is owned by Chinese company ByteDance, confirmed the cyber attack and described the threat as “exploitable”.
“We are working closely with CNN to restore access to the account and implement enhanced security measures to protect their account going forward,” it said.
“We are committed to maintaining the integrity of the platform and will continue to monitor for any further suspicious activity.”
A spokesperson for TikTok said that Paris Hilton’s account was targeted by the hacker, who failed to breach it, according to the BBC.
Zero Click Attack
Jake Moore, technology expert and security consultant at ESET, said it is a type of “zero click attack”, meaning the TikTok user doesn’t even have to click on any link in the message to be affected.
Instead, just opening the malicious message deploys the malware.
“The malware was able to grant access to the hacker, introducing a new weakness in the software in question that was previously unknown,” Moore told MailOnline.
It’s unclear what the user would see by clicking on the offending DM, but it could have been a photo, a video clip, or even just a code.
The goal would be for the hacker to gain control of the profile and then be able to post content, although it is unclear if this has already been achieved. Paris Hilton’s account appears to have been unaffected after all.
What does this mean for “ordinary users”?
Although it was primarily directed at famous users such as Paris Hilton and CNN, lesser-known accounts and members of the public may have also been targeted.
“Some users would have unfortunately opened it out of ignorance,” Moore added.
“I imagine the attackers would have tried it on ‘high profile’ accounts first to gain widespread traction.”
All TikTok users should be wary of unusual messages on the platform, added the cyber expert.
“This opens the way for a highly impressive form of cyberattack in which little or no interaction is required from the victim to deploy the malware on the user’s account,” Moore said.
“Without warning and just opening that pink message in TikTok’s DMs, it could take over the account, causing problems for even the most experienced users.
“Users should remain vigilant for unsolicited messages on the platform and open their messages with caution.”
TikTok currently faces a ban in the US unless it is sold by its Chinese owners, although that didn’t stop Donald Trump from joining the app recently, despite previously wanting to ban it.
There have been concerns among US politicians that the Chinese government could use the app to track Americans, censor content and promote China’s rhetoric.
The app has already been banned from all devices owned and operated by the US House of Representatives.
Lawmakers and their staff received an email asking them to delete the app because it was considered “high risk due to certain security issues.”
Source: Skai
I am Terrance Carlson, author at News Bulletin 247. I mostly cover technology news and I have been working in this field for a long time. I have a lot of experience and I am highly knowledgeable in this area. I am a very reliable source of information and I always make sure to provide accurate news to my readers.