TikTok scrubs ads promoting diet pills, fake apps after Tenable report

Silly scammers, TikTok is for kids.

The video-sharing app, which claims some 49 million daily active users in the U.S., said Thursday it removed an array of advertisements from its central #ForYou page that marketed suspicious diet pills, fake mobile apps and other inauthentic services.

The removal came after researchers from the security firm Tenable alerted TikTok about an ecosystem of promotions that aim to defraud users out of money, trick them into downloading shady apps or collect their personally identifiable information. Some ads promise to compensate users who download mobile apps and run those programs for three minutes, a tactic that allows attackers to subvert security controls. Other messaging masquerades as news articles, apparently from CNN or Fox News, that include celebrities marketing “free” weight loss pills.

“Scammers see [TikTok] users as a means to an end – the goal is to prey on consumer insecurities and desires to earn fast money, get a good deal on a hot product, lose weight without working out or relieve credit card debt,” Satnam Narang, a staff research engineer at Tenable, wrote in a detailed report. “While we all wish it weren’t so, the reality is that there’s no easy way to accomplish these things.”

The analysis comes amid ongoing discussions about the possible sale of TikTok by ByteDance, the Beijing-based technology firm that the White House has described as a national security threat. In an executive order, the Trump administration said it would effectively ban the use of TikTok in the U.S. unless ByteDance sells the social media company by Nov. 12, citing vague concerns about how China’s Communist Party could use TikTok to collect U.S. data.

TikTok has filed a federal lawsuit challenging that executive order, and ByteDance’s chief security officer previously told CyberScoop that TikTok does not share information with Beijing.

TikTok classifies more than a third of its 49 million daily users in the U.S. as 14 years old or younger, raising questions about whether the company is doing enough to safeguard their data, according to the New York Times. Without years of experience navigating digital services for common fraud tactics like phishing or suspicious ads, children may be more susceptible to social media scams.

Tenable researchers suggested that the number of malicious advertisements on TikTok’s #ForYou section, a main page where users discover new content, indicates weaknesses in the moderation process.

One advertisement flagged in the Tenable research said users could earn “$433 Per Day Playing Games.” By clicking the ad, users would be directed to Apple’s App Store and encouraged to download an app that appears to be something else. The recommended app, Super Expense, actually is called iMoney, researchers found.

The iMoney app urges users to provide a picture of their driver’s license, a move that would expose their name, home address, driver’s license number and other personal details.

Similar apps also asked users to leave positive reviews for Amazon products, an apparent attempt to get around Amazon rules which require reviewers to disclose whether their critique is sponsored.

In a statement, a TikTok spokeswoman did not quantify the number of apps the company removed.

“TikTok has strict policies to protect users from fake, fraudulent, or misleading content, including ads. Advertiser accounts and ad content are held to these policies and must follow our Community Guidelines, Advertising Guidelines, and Terms of Service,” the company representative said.

“We also have measures in place to detect and remove fraudulent ads, and advertising content passes through multiple levels of verification before receiving approval as well as once ads are running to help ensure authenticity, quality, and safety. We regularly review and improve these measures to combat increasingly sophisticated fraud attempts and to further strengthen our systems.”