Ben Pick, the Senior Application Security Consultant at nVisium, has provided us with the following comment on the above story:
Using TikTok profiles for promoting scam apps is only the latest vector of abusing popular channels to capture profit from unsuspecting supporters. The best method to not be susceptible is to verify the app being downloaded and not click a link directly from a user’s profile. Check for excessive permissions and numerous bad reviews to prevent downloading similar scam or outright malicious apps. Unfortunately, this issue will not be going away as there is nothing stopping anyone from advertising their own interests or paid apps.