INTRO: Another day, another news a few possibly dodgy app. And if truth is to be told, none of us can claim to be truly surprised, either for this. In what seems to be reminder everywhere again for the umpteenth time, French cyber-security researcher, Baptiste Robert, has recently claimed that the web site of an Indian software firm called Globussoft, which is the corporate behind the viral TikTok clone, Chingaari, is compromised by malware.
According to Robert, who goes by the pseudonym, Elliot Alderson, the location had malware on all pages. The malware apparently just keeps redirecting the users to varied seemingly unrelated pages round the web. Robert has also announced his findings via a tweet on Wednesday.
The website of Globussoft, the company behind #Chingari, the so-called Indian #TikTok alternative, has been compromised. The malicious drop[.]dontstopthismusics[.]com/drop.js script has been inserted to all the webpages pic.twitter.com/JO2lj4Jido
— Elliot Alderson (@fs0c131y) July 1, 2020
“The website of Globussoft, the corporate behind Chingari, the so-called Indian TikTok alternative, has been compromised”, he tweeted last evening. “The malicious drop[.]dontstopthismusics[.]com/drop.js script has been inserted to all or any the webpages”, he said in his tweet.
The Chingari co-founder, Sumit Ghosh, has also admitted to the difficulty, but claimed that the app itself isn’t suffering from it. “Thanks for pointing the wp issue to me. Chingari was incubated under Globussoft and built by us. The security of the Chingari app/ website and our users isn’t compromised by any of this we assure our users. It is privately securely stored on dedicated and secure AWS instances. We will also fix the wp issue soon”, he said. He further also claimed that the Chingari app and therefore the Globussoft website is ‘totally unrelated’. “Chingari app will also soon be an independent company on its own”, he added.
The interesting part is that there are some reports suggest that the noted anti-malware software, BitDefender, also detected cryptojacking malware on the Globussoft website. While we cannot independently verify those claims at this point, it is a cause for concern for all the users.