TikTok confirms a cyber attack that’s targeting high profile users including Paris Hilton and CNN

  • Cybercriminals have been sending messages on TikTok that open malware 

TikTok has confirmed a cyber attack that’s going after brands and celebrities, including Paris Hilton and CNN.

Hackers have been sending direct messages (DMs) to the high profile users in an attempt to install malicious software (‘malware’) on their device. 

This malware is granting the cybercriminal access to the victim’s TikTok account remotely, according to experts. 

In a statement, TikTok – which is owned by Chinese company ByteDance – confirmed the hack and described the threat as a ‘potential exploit’. 

‘We have been collaborating closely with CNN to restore account access and implement enhanced security measures to safeguard their account moving forward,’ it said.

‘We are dedicated to maintaining the integrity of the platform and will continue to monitor for any further inauthentic activity.’ 

A TikTok spokesperson said Paris Hilton’s account was targeted but not compromised, according to the BBC.  

Jake Moore, tech expert and security advisor at ESET, said this is a type of ‘zero click attack’ – where the TikTok user doesn’t even have to click any link in the message to be affected. 

Instead, just opening the dodgy message is deploying the malware.

‘The malware would have granted access to the attacker, making this a software vulnerability that was previously unknown,’ Moore told MailOnline. 

It’s unclear what the user would have seen by clicking on the offending DM, but it could have been a photo, a video clip or even just code.  

Malware and ‘spyware’ 

Malware is a catch-all term for any type of malicious software, regardless of how it works, its intent, or how it’s distributed. 

The term includes adware, spyware, viruses, trojans and more. 

Spyware is a specific type of malware that steals information from a computer and sends it to a third party, without the person’s knowledge.

Spyware gathers your personal information and relays it to advertisers, data firms, or external users. 

Source: Norton Security 

The goal would have been to gain control to then post content, although it’s unclear whether this has been achieved; Paris Hilton’s account appears unaffected. 

Although it primarily went after high profile users like Paris Hilton and CNN, lesser-known accounts and members of the public may have been targeted too. 

‘Some users would have unfortunately and innocently opened it,’ Moore added. 

‘I imagine the attackers would have tested it on high profile accounts first to gain widespread prevalence.’ 

All TikTok users should be wary of unusual messages on the platform, the cyber expert added. 

‘Every so often an extremely impressive attack delivery will be designed where little or no interaction from the victim is required for the malware to deploy on the account,’ Moore said.

‘Without warning and by simply opening this rogue message within TikTok’s DMs it could take over the account making it very challenging, even for the most savvy of users. 

‘Users should remain vigilant of unsolicited messages on the platform and treat opening messages with caution.’ 

TikTok is currently facing a ban in the US unless it is sold by its Chinese owners, although this hasn’t stopped Donald Trump recently joining the app despite previously wanting to ban it. 

There have been concerns among US politicians that the Chinese government could use the app to track Americans, censor content and promote Chinese narratives. 

The app has already been banned from all devices owned and managed by the US House of Representatives.

Lawmakers and their staff received an email mandating they delete the app because it is considered ‘high risk due to a number of security issues.’ 

TikTok is likened to ‘highly addictive and destructive’ drug FENTANYL by senior US congressman, due to its ‘corrosive impact’ 

TikTok has been likened to the addictive drug fentanyl by a US politician, due to its ‘corrosive impact’ on young Americans.

Mike Gallagher, incoming US chairman of a new House select committee on China, described TikTok as ‘digital fentanyl’ in reference to the addictive opioid painkiller.

Gallagher, who wants TikTok banned in the US, said the app is ‘highly addictive and destructive’ and that it ‘effectively goes back to the Chinese Communist Party’. 

‘It’s highly addictive and destructive and we’re seeing troubling data about the corrosive impact of constant social media use, particularly on young men and women here in America,’ he said. 

‘The government can’t raise your kids, can’t protect your kids for you, but there are certain sensible things we can do in order to create a healthier social media ecosystem.’ 
