HACKER Q&A
📣 linsomniac

Is TikTok Malware?


Over the weekend, a tweet has "blown up" (linked below), screen grabs of someone speaking with authority about how they reverse engineered TikTok and found it is capturing all sorts of unexpected data (beyond the clipboard capturing, reported last week).

People are asking about this. But this whole story is triggering my BS detector. The tweet is screen grabs quoting "someone on Reddit". The Reddit post goes into extensive justification for why they can't provide any proof ("The laptop this work was on has a dead motherboard, it's a MacBook with soldered on SSD so I can't just remove the SSD"... Feels kind of like the dog ate my homework).

I took a look at the permissions the TikTok app is requesting, and they don't seem unusual: Camera/mic and media. The post is alleging: Downloading and executing .zip files, scanning your network, sending geolocation every 30 seconds, sending device and AP MAC addresses, setting up a local proxy server...

Anyone have any further thoughts on this or seen any additional details?

Tweet: https://twitter.com/d1rtydan/status/1277081198624337920

Reddit: https://www.reddit.com/r/videos/comments/fxgi06/not_new_news_but_tbh_if_you_have_tiktiok_just_get/


  👤 LinuxBender Accepted Answer ✓
If it was malware, I would be looking for a malware analysis on one of the malware detection / threat sites. At the very least I would expect such a write-up on a security analyst's blog that is referenced by a security company. If the code itself is not malware and is being used as command and control, then I would expect someone has captured it being used in this manner and could show the questionable system calls being made.

👤 beamatronic
With any bold claims like this, look for a consensus approach. Are the claims repeatable? I have seen these kinds of reports about TikTok from multiple independent sources, so I'm inclined to believe them.

👤 nym
Yes.