The new TikTok Pro app steals passwords and other important data

Researchers encourage people to not download TikTok Pro due to malicious functions of data exfiltration

TikTok Pro app steals important informationBy downloading the TikTok Pro App, people download spyware.

Researchers have discovered new spyware[1] disguised as the TikTok Pro app. This mobile program can take over basic device functions: capturing photos, making calls, reading and sending SMS messages, and launching apps or processes. Moreover, this spyware can steal Facebook login credentials, victim's location, and other important information.

TikTok[2] is a very popular video-sharing social networking service that raised to the top more recently. People use this app to create short videos of music, lip-sync, comedy, dance, or talent, that last for about 3 to 15 seconds, and short looping videos of 3 to 60 seconds. But TikTok Pro is a fake application designed to spy on its victims it only lures people into downloading malware.

Although the TikTok Pro app isn't in the official Google Play Store, because Donald Trump declared that he wants to ban TikTok in the U.S.,[3] many people are trying to download TikTok from different sources and still use those features. While a lot of users may believe that this app is real and safe, it isn't.

Shivang Desai from Zscaler security firm explained the situation:[4]

Users looking forward to using the TikTok app amidst the ban might look for alternative methods to download the app. In doing so, users can mistakenly install malicious apps.

More and more fake TikTok applications appear on the internet

It's not the first malicious TikTok Pro app.[5] But the first fake app was more annoying than it was harmful. After installation, it showed a lot of ads for the user. That fake TikTok app was promoted via WhatsApp and spam messages. Unfortunately, the new application is far more dangerous.

After the installation, the fake TikTok Pro app hides its icon, so the user starts to believe that the installation failed. But in reality, the malicious application is still in the device. It steals user's Facebook credentials by creating a fake Facebook login page. After the user types their surname and password, the information is successfully transmitted to this spyware.

Shivang Desai warned:[6]

This functionality can be easily further extended to steal other information, such as bank credentials, although we did not see any banks being targeted in this attack.

The victims of this app are users who download programs from unofficial stores

Malicious Android apps like fake TikTok Pro can be easily avoided. The most important thing is to always think about where to download the apps. Android users should download or install applications only from the official Google Play apps store or from another sufficiently safe source.

If you've become a victim of this spyware, Shivangan Desai advises how to find TikTok Pro app:[4]

We would also like to mention that if you come across an app hiding it's icon, always try to search for the app in your device settings (by going to ​​​​​​Settings -> Apps -> Search for icon that was hidden). In the case of this spyware, search for app named TikTok Pro.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions