Rogue TikTok accounts are promoting adware scam apps posing as “Shock Roulette” and “Wallpaper” apps

Prague, Czech Republic, September 22, 2020

Avast (LSE:AVST), a global leader in digital security and privacy products, has discovered seven adware scam apps available on the Google Play Store and Apple App Store. The discovery comes after a child reported a TikTok profile promoting what appeared to be a suspicious app to Avast’s Be Safe Online project in the Czech Republic, which educates children on how to stay safe online. 

Altogether, the apps have been downloaded more than 2,400,000 times and have earned the people or persons behind the scam more than $500,000, according to data from SensorTower, a mobile apps marketing intelligence and insights company, and are poorly rated with app ratings ranging between 1.3 - 3.0.

The apps, which pose as entertainment apps like games to “Shock your friends”, wallpaper apps, and music downloaders, aggressively display ads, or charge users between $2-10 USD. The apps either provide a simple game that just causes the device to vibrate, wallpapers, or music. Some of the apps are HiddenAds trojans, a type of trojan Avast reported on this summer that disguises itself as a safe and useful application but instead serves intrusive ads outside of the app, and hides the original app icon making it difficult for users to identify where the ads are being served from.

We thank the young girl who reported the TikTok profile to us, her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place.

The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed. It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them.

Jakub Vávra, threat analyst at Avast

TikTok Promotion

Many of the apps are being promoted on TikTok via at least three profiles dedicated to pushing the apps, one of which has more than 300K followers. In addition to the TikTok profiles, Avast researchers also discovered an Instagram profile promoting one of the apps, with more than 5K followers. 

The iOS and Android apps appear to be developed by the same person or group. The links promoted on the social media profiles lead to the iOS or Android versions of the apps, depending on the device the link is being accessed from.

How users can protect themselves

  • Carefully read reviews: Adware and scam apps can be difficult to recognize, as they are often disguised as entertainment apps like gaming apps, for example. Signs that an app could be a scam include low app ratings, and negative reviews, citing excessive ads or low functionality of the alleged app features. “In addition to the seven apps, we also noticed the app developers have more apps, with very low downloads and reviews, but the handful of reviews they have are extremely positive and enthusiastic, which can also be a sign that something is suspicious,” continued Jakub Vávra.
     
  • Question prices: Users should consider what they are paying for and if the price tag for an app makes sense considering what the app is offering. “Many of these apps offer basic or unrealistic features, like simple games that claim to shock players, or wallpapers for around $8, a high amount considering games and features like this are often offered for free by other developers,” says Jakub Vávra.
     
  • Check permissions: Before downloading apps, users should check the permissions the app is requesting and consider if they make sense for the app to function properly. “The Android app ‘ThemeZone - Shawky App’ requests access to a device’s external storage, which can include photos, videos, and files, depending on how the storage is used. Accessing external storage is not a must for a wallpaper app,” warns Jakub Vávra.

It’s also important for parents to speak to their children about apps and what to look out for before downloading an app, or make it a rule for children to ask for permission before allowing them to download an app, to avoid potential unnecessary costs.

Jakub Vávra

Screenshots of the apps, and social media profiles can be found here. A downloadable PDF list of the apps can be found here.

About Avast:

Avast (LSE:AVST) is a global leader in digital security products. With over 400 million users online, Avast offers products under the Avast and AVG brands that protect people from threats on the internet and the evolving IoT threat landscape. The company’s threat detection network is among the most advanced in the world, using machine learning and artificial intelligence technologies to detect and stop threats in real time. Avast digital security products for Mobile, PC or Mac are top-ranked and certified by VB100, AV-Comparatives, AV-Test, SE Labs and others. Visit: www.avast.com.