TikTok users hit with scam apps downloaded over 2.4 million times [updated]

A screen grab of the 'Shock My Friends' display screens in the Apple App Store.
(Image credit: Ahmed Hany/Apple)

UPDATE: Apple has removed the iOS apps in question here from the App Store.

Watch out, TikTok kids! Some of the most popular accounts on your favorite short-form-video app may be promoting scammy Android and iOS apps designed to show you ads or rip you off.

This was discovered by a 12-year-old girl in the Czech Republic who promptly reported her findings to security firm Avast. Avast has the details in a blog post today (Sept. 22).

"Altogether, the apps have been downloaded more than 2,400,000 times and have earned the people or persons behind the scam more than $500,000," Avast said in a press release. 

All seven apps of the scammy apps were still available in the Google Play Store and Apple App Store at the time of this writing.

The apps claim to provide wallpapers, download music or be a phone-vibration game called "Shock your friends." But they will load ads outside of the apps or charge you between $2 and $10 for normally free items such as wallpapers.

"The apps we discovered are scams and violate both Google's and Apple's app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed," said Avast threat analyst Jakub Vavra.

"It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognize some of the red flags surrounding the apps and therefore may fall for them." 

Avast found at least three TikTok accounts that were aggressively promoting the apps, with the usernames 7odestar, Dejavuuu.es3 and Marina90lazina. The first had more than 300,000 followers. 

It also found one Instagram account with the username Shockmyfriends.app promoting the apps. All four were still active as of Wednesday morning in New York.

Avast said it had reported the apps and accounts to Apple, Google, Instagram and TikTok.

Scam apps exposed

There are three Android apps and four iOS ones listed by Avast. All were still available for download when this story was written Tuesday morning (Sept. 22) Eastern time. 

Update: By Tuesday evening, the iOS ones had been removed.

How to protect yourself from TikTok scams

To protect yourself from scammy apps, be very wary of anything that's promoted via social-media platforms or via text or instant messages. 

Also, read the reviews in the app stores before you download anything -- if something has exceptionally low ratings, as a few of these do, that's often a tip-off.

If you're on an Android phone, you should also install and run some of the best Android antivirus apps. That won't catch all scamware, but it will protect you from the most dangerous stuff. (Unfortunately, there are no antivirus apps for iOS.)

"We thank the young girl who reported the TikTok profile to us," said Avast's Jakub Vavra. "Her awareness and responsible action is the kind of commitment we should all show to make the cyberworld a safer place."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.