Chingari creator says the app is safe after malicious codes were found in in company's parent site
In a tweet, Alderson stated that he found the malicious script inserted in all the webpages. Although he didn’t reveal how serious this was.
Chingari, one of the India-based rivals to the TikTok app, has been gaining massive popularity ever since the government of India banned 59 chinese apps from the country on the basis of user data and privacy compromise.
However, hacker Elliot Alderson, who has been known for discovering loopholes in Aadhaar websites and Aarogya Setu app, recently found out a malicious code in all the webpages of a company named GlobusSoft. And why is this important, that’s because this company is the one behind Chingari app, which is receiving millions of downloads from Google Play Store in India.
In a tweet, Alderson stated that he found the malicious script “drop[.]dontstopthismusics[.]com/drop.js” inserted in all the webpages. Although he didn’t reveal how serious this is and what data it is extracting, it did raise some serious questions on the Chingari app itself. In later tweets it was added that the code redirected users to various websites as well.
The website of Globussoft, the company behind #Chingari, the so-called Indian #TikTok alternative, has been compromised. The malicious drop[.]dontstopthismusics[.]com/drop.js script has been inserted to all the webpages pic.twitter.com/JO2lj4Jido— Elliot Alderson (@fs0c131y) July 1, 2020
However, the co-founder and chief of product of Chingari app, Sumit Ghosh confirmed that the code was removed and the security of users was not compromised with it.
Chingari is among several other Indian apps like Mitron and Bolo Indya and Roposo that is witnessing a huge surge in downloads ever since the ban on TikTok and 58 other chinese apps. The app registered 500,000 downloads in just 72 hours. It currently has over 1 million downloads on the Google Play Store. Ghosh also tweeted saying the app had around 100,000 downloads per hour at one point.