I want to talk about malware and malware actors and how do they get their software to spread around? And specifically, there’s a new, malware going around affecting Android phones, not iPhones, but Android phones specifically around Tik TOK. But for the most part, it’s either fishing or swishing through text messages or some other type of messaging that tricks the user into acting based on emotion, not logic to go and download something fake and how they do that is they have to create a convincing story, some trigger, something that’s fresh in your mind.
Something that looks legitimate in order you to forgo a reasoning in order to trick you to do it. And in this case, they use current events. Now, recently over the summer, the white house has come forward and said, Tik TOK is a national security threat, and potentially they didn’t state it as such, but are considering banning Tech-Talk in the United States. It’s been banned in other countries around the world. United States could follow that suit. There are tens of millions of people, generally young people using Tech-Talk on a regular basis. So I’ll make their livings off of it. And, uh, banning Tech-Talk could be a, uh, have, uh, uh, ramifications across the board. Um, but people like to react on emotion. And so this malware going across, they will receive, uh, an SMS text message or a WhatsApp message stating that there’s this new version of tick tock, tick tock pro, which is being promoted as a way to get around any type of ban.
Of course, this is purely fake. So this Tik TOK pro app, when it’s downloaded, installed on an Android phone, of course you have to give the app permissions. It asks permission for your camera, your all of your phone permissions contacts, and once a user attempts to, um, install the application, then they are bombarded by advertisements. And what this malware, the second way of, um, the second iteration of this malware is doing is installing itself into a common place that, um, Android malware goes and then deletes itself from the front. So it’s almost near impossible to, to delete it once it’s installed, because there is no app icon on the main screen. And there’s no way to find out where this payload is running from. And that’s the downside of Android. You have Android, which is a far more open architecture for developers than iPhone is which allows for significantly, um, widely advanced applications.
In my opinion, there are some really cool applications that exist on phones that will never exist an iPhone because of the nature of how those apps work with the Android OS compared to how Apple locks it down. Apple doesn’t have a rash of, of malware problems as Android does. That’s the trade-off, um, to each his own, whatever, but this malware is only affecting the Android phones, but that really comes down to as security professionals, as parents, as guardians, as overseers, as educators, as, as awareness owners of security is to let people be aware of these types of things, because especially for Tik TOK, which is a younger audience, the more naive the norm, the more gullible, the less aware if it’s on the internet, it doesn’t necessarily mean to be it’s true. In fact, if it’s on the internet, most likely it’s fake. If it’s too good to be true, it is, especially if it comes from the internet.
And it’s very easy, very fast for somebody to, especially a young person who uses tech talk on a regular basis, um, significant amounts of time during the day, using it to say, Hey, Tik TOK pro, get her on the band. Oh, and then they start sharing it around. Next thing you know, you have advertisement, uh, malware installed on these phones all over the place. So you have to make people aware of these types of things, have that open transparency with your kids or your young ones or other people to, to like, I always say it’s better to hesitate and ask than click and be wrong. Have them come up and say, Hey, I got this weird text messages about this tick tock pro. I haven’t heard about it. Is it real? No, it’s not real deleted going on, but, but it’s going to get around the band.
It’s like, no, it’s fake. Trust me in a way you go. Those are the types of conversations that you need to have, especially with the new owners of devices, the pre-teens early teenagers, or in some cases, even younger who are getting phones for school phones for Christmas iPads for, for school and remote learning and whatever. A lot of mobile adoption has happened. That means open communications. That means that are more susceptible to these types of attacks and these types of malware. Um, in this case, it’s an advertisement bomb, and the other cases could be crypto miner could be ransomware. It could be something that’s steal all your photos. Every photo that they take is, is being sent off to hackers. You don’t know, but the point is, is to make sure that everybody not just the security professionals are aware of these things, how these things work, educate them, and just be transparent to say, Hey, stop and ask the question. Is this legitimate or not? It might be most cases. It’s not in this case. They’re using the tick-tock story. Um, next month it’ll be a different story. Um, in November it’ll be something around elections. Then we have Christmas time and shipping and tax form. You know, the malware actors continually to change their stories, to push the same type of malware at the end of the day, to steal your data, steal your money, steal your information, or recap it security and five, be aware, be safe.