Another day, another news about a possibly dodgy app. And truth be told, none of us can claim to be truly surprised, either. In what seems to be deja vu all over again for the umpteenth time, French cyber-security researcher, Baptiste Robert, has claimed that the website of an Indian software firm called Globussoft, the company behind the viral TikTok clone, Chinagari, is compromised by malware.
According to Robert, who goes by the pseudonym, Elliot Alderson, the site had malware on all pages. The malware apparently just keeps redirecting users to various seemingly unrelated pages around the web. Robert announced his findings via a tweet on Wednesday. “The website of Globussoft, the company behind Chingari, the so-called Indian TikTok alternative, has been compromised”, he tweeted last evening. “The malicious drop[.]dontstopthismusics[.]com/drop.js script has been inserted to all the webpages”, he said.
The website of Globussoft, the company behind #Chingari, the so-called Indian #TikTok alternative, has been compromised. The malicious drop[.]dontstopthismusics[.]com/drop.js script has been inserted to all the webpages pic.twitter.com/JO2lj4Jido
— Elliot Alderson (@fs0c131y) July 1, 2020
Chingari co-founder, Sumit Ghosh, admitted to the issue, but claimed that the app itself is not affected by it. “Thanks for pointing the wp issue to me. Chingari was incubated under Globussoft and built by us. The security of Chingari app/ website and our users is not compromised by any of this. It is securely stored on dedicated and secure AWS instances. We will fix the wp issue soon”, he said. He further claimed that the Chingari app and the Globussoft website are ‘totally unrelated’. “Chingari will soon be an independent company”, he said.
Interestingly, some reports suggest that the noted anti-malware software, BitDefender, also detected cryptojacking malware on the Globussoft website. While we cannot independently verify those claims at this point, it is a cause for concern.