- Cybercriminals send messages on TikTok that deploy malware when opened
TikTok has confirmed a cyberattack that targeted brands and celebrities including Paris Hilton and CNN.
Hackers have been sending direct messages (DMs) to the high-profile users in an attempt to install malicious software (“malware”) on their devices.
According to experts, this malware gives the cybercriminal remote access to the victim’s TikTok account.
In a statement, TikTok – owned by Chinese company ByteDance – confirmed the hack and described the threat as a “potential exploit.”
“We have worked closely with CNN to restore account access and implement enhanced security measures to protect their account going forward,” the statement said.
“We are committed to maintaining the integrity of the platform and will continue to monitor for further inauthentic activity.”
A TikTok spokesperson said Paris Hilton’s account was targeted but not compromised, according to the BBC.
Jake Moore, a technical expert and security consultant at ESET, said this is a type of ‘zero click attack’ – where the TikTok user doesn’t even have to click on a link in the message to be affected.
Instead, opening the untrustworthy message deploys the malware.
“The malware would have granted access to the attacker, making this a software vulnerability that was previously unknown,” Moore told MailOnline.
It’s unclear what the user would have seen after clicking on the offending DM, but it could have been a photo, a video clip, or even just a piece of code.
The aim would have been to gain control of the account and then post content, although it is unclear whether this was achieved; Paris Hilton’s account appears to be unaffected.
While primarily high-profile users such as Paris Hilton and CNN were targeted, lesser-known accounts and members of the public may also have been targeted.
“Some users would have opened it unfortunately and innocently,” Moore added.
“I imagine the attackers would have tested it on high-profile accounts first to gain widespread prevalence.”
All TikTok users should be wary of unusual posts on the platform, the cyber expert added.
“Every now and then, an extremely impressive attack execution will be designed that requires little or no interaction from the victim before the malware can be deployed to the account,” Moore said.
“Without warning and by simply opening this rogue message in TikTok’s DMs, it can take over the account, making it very challenging even for the most savvy users.
“Users should remain vigilant for unsolicited messages on the platform and treat opening messages with caution.”
TikTok is currently facing a ban in the US unless it is sold by its Chinese owners, although this hasn’t stopped Donald Trump from recently joining the app despite previously wanting to ban it.
There are concerns among US politicians that the Chinese government could use the app to track Americans, censor content and promote Chinese stories.
The app has already been banned from all devices owned and controlled by the US House of Representatives.
Lawmakers and their staff have received an email asking them to remove the app because it is considered “high risk” due to a number of security issues.