
TikTok Users Earned $500,000 Pushing Scam Apps - Until a 12-Year-Old Reported Them (cpomagazine.com) 23

An anonymous reader quotes CPO magazine: An Avast report found that several popular TikTok profiles profited by pushing scam apps to underage children. At least three TikTok accounts with over 350,000 followers were implicated. The campaign involved at least seven scam apps distributed on both Google Play Store and Apple App Store. Users had downloaded the rogue apps more than 2.4 million times, earning the fraudsters more than $500,000.

A 12-year-old girl from the Czech Republic discovered suspicious behavior on a popular app trending on TikTok and reported it to Avast. The child was a participant in Avast's "Be Safe Online" cybersecurity initiative that teaches the youth how to identify cyber threats. Researchers at the cybersecurity firm investigated and found at least three TikTok profiles aggressively advertising scam apps to underage children. One of the TikTok profiles had more than 300,000 followers, while an Instagram account had more than 5,000 fans. Following the discovery, Avast researchers reported the scam apps to Google, Apple, Instagram, and TikTok...

Avast reported that most of the scam apps promoted by the popular TikTok profiles were HiddenAd trojans. Such apps are disguised as useful software but served intrusive ads outside the app. They also hid app icons to prevent users from finding out the ads' source or uninstalling them.

  • by muffen ( 321442 ) on Monday October 05, 2020 @03:20AM (#60573254)
    It was discovered that Slashdot is pushing advertisements for Avast as part of the newsfeed. The site caused 100's of nerds to enroll their kids in a stay safe online program run by Avast!
    • If I didn't know better I'd suspect this was a trumped up story targeting TikTok as the supervillain of the day. It's not like any other apps are involved in advertising scams targeting children.

      I think the actual problem is the monopsony. Well actually it's a duopsony since there are two of them. At least we should be able to figure out whose rules are broken, eh?

  • respect to avast (Score:5, Interesting)

    by Cederic ( 9623 ) on Monday October 05, 2020 @04:01AM (#60573310) Journal

    I'm not a fan of companies promoting things at children so it's nice to see a positive outcome for once.

    Pre-teen aware enough to understand and report a threat, taken seriously enough to investigate properly, naughty people thwarted as a result.

    I hope she's given a reward of some form then allowed to enjoy some privacy again.

  • that happened

  • by dargaud ( 518470 ) <slashdot2@nOSpaM.gdargaud.net> on Monday October 05, 2020 @04:34AM (#60573354) Homepage
    Why does the API allow for hidden icons for apps? And more than that why are there always some unremovable apps? I'd been fighting with one such (not nefarious, just annoying) for years until recently the [Remove] button suddenly wasn't greyed out anymore: bye, bye!
    • by raymorris ( 2726007 ) on Monday October 05, 2020 @08:01AM (#60573634) Journal

      First to clarify - these apps just don't show up on the home screen. They are visible under Settings > Apps.

      You asked why there exists an API which allows an app's home screen icon to be hidden. There are several useful features which can be used to hide an icon. First, if an app developer can choose the icon for their app, that means they can choose one that's hard to see or hard to recognize. They can choose one that looks like the stock Settings or Camera app and boom, it's hiding. So it's kinda unavoidable.

      Secondly, if the developer can choose the shape of the icon, like Google uses a triangle for Play Store, that's implemented via transparency. The image file is a rectangle, which looks like a triangle because some parts are transparent. If you allow shapes, that means you allow transparency, which means an asshole can make the icon invisible.

      Thirdly, these apps ask for a special permission "draw over other apps". This is useful for some apps, such as call filtering apps that need to display a rating over the phone app.

      Lastly, here is the method actually used by this particular bad guy. Android apps have multiple different functions, behaving differently depending on how they are called. One example you've seen but probably didn't realize was different is your camera app. If you really tap in a text message to add a picture, the texting app tells the camera app to "take a picture and send it back to me". Which is different behavior than if you open the app from the home screen, which saves the picture to your camera roll. Apps have different "activities" which can be requested by other apps. I have an app for my printer and it has activities that other apps can call such as "print this pic".

      When the home screen opens an app, it asks for the SplashActivity activity. You can imagine that a printer driver may have nothing useful to offer as a Splash activity, opening it from the home screen makes no sense. Such an app might only be useful when called from another app. If it has nothing useful to do when opened from the home screen, why clutter the home screen with a useless icon for an app that can't be opened?

      That's what this bad guy did - he set these as having no splashactivity enabled, nothing the app could do from the home screen. It therefore wasn't visible on the home screen after this change.

      > why are there always some unremovable apps?

      Mostly unremovable apps are put there before you buy the phone. The main operating system partition is read-only to avoid damage, such as from a sudden loss of battery power or crash. Which means anything included on that partition is not removable without rooting and mounting the partition read/write. They are put there either by the manufacturer or by the carrier. Particularly in the case of subsidized / financed phones where you get a cheap or free phone and have a X year contract, you're paying for the phone over the course of two years (at an inflated price). Some of the cost from people who leave after less than a year after getting a subsidized phone is covered by revenue from pre-installed apps, where whoever makes the apps paid the carrier to install them.

      If that annoys you as much as it does me, get an unlocked Moto or a Google phone next time. The upfront cost may be a little higher because you actually own the phone free and clear when you walk out of the store, rather than being tied to an inflated-price service contract which bundles a phone loan as part of the high cost. However, it costs less long term because the carriers charge more each and every month for that "free" phone.
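
Added example, not part of the comment above or of Avast's report: a static triage of an already-decoded AndroidManifest.xml that reports whether any enabled activity declares the MAIN/LAUNCHER intent filter launchers use to place a home-screen icon, and whether the app requests the "draw over other apps" permission (SYSTEM_ALERT_WINDOW). The manifest, package name and activity names are constructed, and the check does not see components an app disables at run time.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
MAIN = "android.intent.action.MAIN"
LAUNCHER = "android.intent.category.LAUNCHER"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # "draw over other apps"

# Constructed sample manifest (hypothetical package and activity names).
SAMPLE_HIDDEN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <activity android:name=".SplashActivity" android:enabled="false">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AdActivity"/>
  </application>
</manifest>"""
# Same manifest with the entry activity left enabled.
SAMPLE_NORMAL = SAMPLE_HIDDEN.replace(' android:enabled="false"', "")

def launcher_activities(root):
    """Names of enabled activities a launcher would list as icons."""
    found = []
    for act in root.iterfind("application/*"):
        if act.tag not in ("activity", "activity-alias"):
            continue
        if act.get(A + "enabled", "true").lower() != "true":
            continue  # a disabled component is never offered to the launcher
        for flt in act.iterfind("intent-filter"):
            actions = {e.get(A + "name") for e in flt.iterfind("action")}
            cats = {e.get(A + "name") for e in flt.iterfind("category")}
            if MAIN in actions and LAUNCHER in cats:
                found.append(act.get(A + "name"))
                break
    return found

def triage(manifest_xml):
    """Summarise the two signals discussed above for one manifest."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iterfind("uses-permission")}
    icons = launcher_activities(root)
    return {"package": root.get("package"), "launcher_activities": icons,
            "no_home_screen_icon": not icons, "overlay_permission": OVERLAY in perms,
            "review": not icons and OVERLAY in perms}

if __name__ == "__main__":
    for name, xml in (("hidden", SAMPLE_HIDDEN), ("normal", SAMPLE_NORMAL)):
        print(name, triage(xml))
```

An app with no launcher entry is not malicious by itself (the printer-driver case in the comment is legitimate); the `review` flag only marks the combination for a closer look.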

      • by EvilSS ( 557649 )

        If that annoys you as much as it does me, get an unlocked Moto or a Google phone next time.

        As annoying as I find Motorola sometimes with their slow as continental drift roll out of new Android versions to older devices they promised upgrades for, I still buy my Android phones from them due to the nearly stock Android images they put on their unlocked phones, not to mention the decent bang for the buck you can get with them. Even under Lenovo ownership, they still seem dedicated to keep doing it. I do miss the wood backs though...

    • Why does the API allow for hidden icons for apps?

      Because some "apps" are really just preferences panes or similar. Not all of them have or need an app-style interface.

      And more than that why are there always some unremovable apps?

      Because they are cooked into your ROM, i.e. installed into the System partition. There exist numerous methods for removing them from there, but AFAIK all of them require root access. But you did buy a rootable phone, right? Because what self-respecting nerd would do otherwise?

      • by dargaud ( 518470 )

        But you did buy a rootable phone, right?

        I did first when phones needed that to be usable, but nowadays you can buy decent phones when everything works and rooting doesn't really add much, except the ability to remove one or two annoying system apps. And the last phone I tried to root it took something like 50 steps and never worked.

        • I am generally dissatisfied with Motorola lately but I've had good luck with unlocking them in the past, so long as I buy explicitly unlockable/unlocked phones.

  • As well as teaching kids to be safe online, can we also teach them to ignore ads like regular upstanding citizens?

    • Ads cannot be ignored - "ignoring" them just makes them go straight to your subconscious brain. And then 6 months later, when you'll need to buy some beer, you will buy Budweiser's... The brand will be imprinted into you.

      It's much better, when one lives in an ad-intensive environment, to try to consciously study them all and reverse-engineer them in a way: how do they work, what kind of message are they trying to convey, etc.

      • by dohzer ( 867770 )

        They definitely can be ignored. It's called muting and staring off into space for 30 seconds. It's good for your body. Like standing up after every hour of being seated.

      • by Falos ( 2905315 )

        I have found it quite possible to live with very minimal ad exposure. To the point that I'm actually out of the loop. Movies and sequels come out and I have no idea. A side perk of ads is a slightly increased awareness of what the market is up to, a sense of their motives and where they're hefting their weights about.

        I don't live rurally, and local ads (ie billboards for an auto shop) are mild on the brainwashing scale.

        When I *have* gone to the cinemas, it was eerie how "ministry of education" the process a

    • Do you buy mostly generic groceries? Do you have no preference for Heinz ketchup over Ketchup brand ketchup?

      If it were easy to "just ignore" ads, companies wouldn't spend $120 billion on ads each year in the US alone.

      Sure you can *not click* on ads. Nobody clicks on Superbowl ads or on billboards, that doesn't mean they aren't effective. Companies pay $10 million / minute for Superbowl ads not because they are ineffective. Simply seeing a name and logo several times makes us more likely to buy that brand.

