TikTok hit with malicious malware that’s taking over accounts — don’t open those DMs
Malicious malware spread through DMs
TikTok’s no-good last few months continue with news that hackers have used malicious code to take over celebrity and brand accounts on TikTok. The official accounts of Sony, Paris Hilton and CNN have reportedly been impacted by the hack, according to a Forbes report.
The hackers responsible are sending malware via DMs on the app. Apparently, this malware doesn’t require victims to click any links or download software. Instead, all you have to do is open a DM with the malware present and your device will be infected.
The hack appears to be a “zero-day” attack, meaning that the bad actors learned of the vulnerability in TikTok’s code before the developers did, so the developers had zero days to prevent it.
The Semafor newsletter reported that CNN had to take the company’s account down. A spokesperson told Semafor that the company had been lax in cybersecurity. However, it sounds like the issue was off-site, probably because one of the dozens of CNN employees with access opened a DM, a regular part of managing a social media brand.
For now, it appears that hackers are going for brand and celebrity accounts like Paris Hilton. Average users probably won’t be affected, but to be safe, it would be best to avoid opening DMs until TikTok announces a repair or patch for the ongoing issue.
TikTok does have a support page with suggestions on dealing with a hacked account. The usual suggestions presented include resetting the password, removing unknown devices and engaging two-factor authentication by adding your phone number.
TikTok is no stranger to big hacks. Last year, over 700,000 accounts were hacked in Turkey because of poor two-factor authentication methods in the app.
In 2022, Microsoft reported a vulnerability in the Android version of the TikTok app that would allow hackers to take over an account with one click of a specific link.
Beyond hacking, TikTok is in an ongoing fight with the United States government to avoid getting banned in America. President Joe Biden signed a measure that requires TikTok parent company ByteDance to sell the company’s U.S. operations.
The ban is in place presumably to keep Americans’ private data out of the hands of the Chinese government.
Last month, ByteDance challenged the law in the U.S. Court of Appeals for the D.C. Circuit. That lawsuit is ongoing.
Scott Younker is the West Coast Reporter at Tom’s Guide. He covers all the latest tech news. He’s been involved in tech since 2011 at various outlets and is on an ongoing hunt to build the easiest-to-use home media system. When not writing about the latest devices, you are more than welcome to discuss board games or disc golf with him.