TikTok Malware: How a Single Click Can Compromise Your Account and Device


How vulnerable are TikTok users to malware attacks from malicious links in bios?

I am curious about the security risks of clicking on a suspicious link in a TikTok bio that was posted by a bot account. The link opened within the TikTok app on my iPhone 13 pro, and I did not enter any personal information. Could the hackers still access my data or infect my device with a virus?


TikTok is one of the most popular social media platforms in the world, with over 1.5 billion installations on Android devices alone. However, its popularity also makes it a target for cybercriminals who may try to exploit its users through various methods. One of these methods is to post malicious links in the bios of bot accounts, which may lure unsuspecting users to click on them and compromise their accounts or devices.

In this article, we will explore how this attack works, what are the potential consequences, and how to prevent it.

How does the attack work?

The attack relies on a vulnerability that was discovered by Microsoft researchers in the TikTok Android app in February 2022 . The vulnerability, which was fixed by TikTok shortly after being notified, allowed attackers to bypass the app’s deeplink verification process. Deeplinks are Android-specific hyperlinks that can access individual components within a mobile app. For example, when you click on a TikTok link in a browser, it will automatically open the content in the TikTok app.

Normally, the TikTok app will only allow content from its own domain (tiktok.com) to be loaded into its WebView component, which is a browser-like window that can display web pages within the app. However, the vulnerability enabled attackers to force the app to load any arbitrary URL into the WebView, and access the JavaScript bridges that are attached to it. JavaScript bridges are interfaces that allow communication between the WebView and the native app, and can expose various functionalities to the web page.

By exploiting this vulnerability, attackers could create specially crafted links that, when clicked by a TikTok user, would open a malicious web page in the app’s WebView, and use the JavaScript bridges to perform actions on behalf of the user. For example, the attackers could obtain the authentication tokens that are used to prove the ownership of the account, and use them to access and modify the user’s profile, messages, videos, and other sensitive information. The attackers could also change the user’s bio to display a different link, and spread the infection to other users who may click on it.

The attack could be executed with a single click, and without the user’s awareness, as the malicious web page could be hidden or disguised as a legitimate one. The attack could also affect any Android device that had the TikTok app installed, regardless of the version or security patches.

What are the potential consequences?

The consequences of this attack could be severe, depending on the attackers’ motives and capabilities. Some of the possible outcomes are:

  • Account hijacking: The attackers could take over the user’s account and use it for malicious purposes, such as posting spam, phishing, or propaganda content, impersonating the user, or deleting or leaking their videos and messages.
  • Data theft: The attackers could access the user’s personal and private information, such as their name, email, phone number, location, contacts, preferences, and activity history, and use it for identity theft, fraud, blackmail, or targeted attacks.
  • Device infection: The attackers could use the JavaScript bridges to download and install malware on the user’s device, such as spyware, ransomware, or botnets, and use it to monitor, encrypt, or control the device, or launch further attacks on other devices or networks.
  • Financial loss: The attackers could use the user’s account or device to make unauthorized purchases, subscriptions, or donations, or steal their credit card or banking information, and cause financial loss or damage to the user.
  • How to prevent it?


best way to prevent this attack is to update the TikTok app to the latest version, which has fixed the vulnerability. Users can check the app’s version number in the settings menu, and download the update from the official Google Play Store. Users should also avoid clicking on any suspicious or unknown links in the bios or comments of TikTok accounts, especially those that are posted by bots or strangers. Users should also enable the security features of their devices, such as antivirus software, firewall, and password protection, and be careful about the permissions they grant to the apps they install. Users should also monitor their TikTok account and device for any unusual or unauthorized activity, and report any suspicious or malicious content or behavior to TikTok or the relevant authorities..

Leave a Reply

Your email address will not be published. Required fields are marked *

Privacy Terms Contacts About Us