What Role Does Social Media Play In The Distribution Of Malware?

January 15, 2025

Canada has ordered the closure of TikTok Technology Canada Inc., the Canadian subsidiary of ByteDance, citing national security concerns.

This decision follows a broader national security review under the 1985 Investment Canada Act, which allows the government to scrutinize foreign investments. The review concluded there were specific national security risks associated with ByteDance's operations in Canada.

Despite the closure of TikTok's offices, the Canadian government has decided not to block Canadians from using the app, emphasizing that the decision to use a social media application is a personal choice. This move mirrors actions taken by other countries, including the United States, which have also expressed concerns about the potential for data gathering and spying by the Chinese Communist Party through TikTok.

The decision has sparked debate over its effectiveness, with some arguing that banning the corporate entity rather than the app itself may weaken the ability to hold the company accountable. TikTok has announced plans to challenge the ruling in court, claiming the review process was unfair and that the decision is disproportionate.

According to the source:

Concern is widespread that the Chinese Communist Party (CCP) could conduct data gathering and spying through TikTok, since it wields potentially unlimited authority over Chinese companies. And "The CCP has long been known for having an enormous capability to gather otherwise benign-looking datasets, and to process them to produce intelligence to further its national interests," notes Casey Ellis, founder and adviser at Bugcrowd. "While it can easily be argued that Western governments and companies are capable of the same, the CCP's national interests are at best competitive, and at worst disruptive to the national interests of the West."

https://www.darkreading.com/cyber-risk/canada-closes-tiktok-offices-national-security (Nov. 07, 2024).

Commentary

The banning of TikTok offices in Canada is a decision based on national security concerns – specifically, espionage. Outside of those concerns is that TikTok and other social media platforms can spread malware.

For example, hackers have exploited the very popular TikTok challenges like the "Invisible Body" challenge to distribute the WASP malware. This malware can steal data such as credit card details, login information, and even cryptocurrency wallets. Additionally, there have been instances where malicious actors used TikTok's direct messages (DMs) to spread malware that could take over accounts. https://www.makeuseof.com/hackers-spreading-malware-tiktok-challenge/ (Nov. 29, 2022).

Phishing is the primary means by which malware is distributed. However, it is estimated that social media platforms are responsible for one in five of organizations infected with malware. https://www.darkreading.com/vulnerabilities-threats/social-media-platforms-double-as-major-malware-distribution-centers (Feb. 26, 2019).

In addition to caution regarding social media, below are some other steps to prevent malware infection through phishing:

  • Unsolicited emails (a/k/a phishing), texts (a/k/a smishing), or messages that appear to be from a legitimate source that contain:
    • Demands for private information/credentials/personal identifiers
    • Offers of money or valuables in exchange for private information/credentials/personal identifiers
    • Demands to perform an action and/or select a link/attachment
    • Threats made unless an action is taken and/or a link/attachment is selected
  • Unsolicited emails, texts, or messages offering deals/goods/money
  • Emails requesting consideration for employment
  • Unsolicited responses to offers of employment with attachments/links
  • Online messages purporting to be from employees/contractors/ agents/vendors requesting changes to direct deposit/transfer/wire instructions
  • Online messages from public entities/law enforcement threatening fines/penalties/incarceration
  • Targeted online messages to a person/organization using familiar information/tone/language demanding unsolicited/unusual action or altering previously agreed instructions (a/k/a spear phishing or whale phishing)
  • Routine online messages that have added links or attachments or have replaced/altered the routine links/attachments (a/k/a clone phishing)
  • Links to imitation websites that request/demand private information/credentials/personal identifiers
  • Imitation/fraudulent notifications/ads on legitimate websites/browsers (a/k/a pop-up phishing)
  • Imitation/fraudulent social media notices or posts that request/demand private information/credentials/personal identifiers (a/k/a angler phishing)
  • Voice calls imitating legitimate persons/organizations/agencies requesting/demanding private information/credentials/personal identifiers (a/k/a vishing)
Finally, your opinion is important to us. Please complete the opinion survey:

This site uses essential/technical cookies to function. Cookies allow us to provide the best experience possible and must be enabled to use this site properly. By continuing to use this site, you agree to our use of cookies. Please see our Privacy Policy or How to Enable Cookies for more information.

An error has occurred. We have been notified and are working to resolve the problem. Please return to the front page and try this action again later.

Error!

An Error has ocurred on this site.

The error has been reported to our programmers and we are working to correct it. We generally get errors fixed overnight, so please feel free to try this action again tomorrow.