TikTok alternative Chingari's website compromised, researcher Elliot Alderson discovers
French security researcher Elliot Alderson claimed that the website of Globussoft, the company behind social media app Chingari, a desi alternative to Chinese TikTok, has been compromised. The company said that the app is completely safe.
According to the security researcher, the website's drop script has reportedly been inserted with a malicious code which redirects the user to various other websites.
"The website of Globussoft, the company behind #Chingari, the so-called Indian #TikTok alternative, has been compromised. The malicious drop has been inserted to all the webpages," Alderson tweeted late Wednesday.
Sumit Ghosh, co-founder and Chief Product Officer, Chinagri replied, saying that although the Chingari app was incubated by Globussoft, the security or privacy of the app have not been compromised.
"Thanks for pointing the wp (Word Press) issue to me. Chingari was incubated under Globussoft and built by us, the security of Chingari app/website and our users is not compromised by any of this," replied Ghosh.
He noted that the user data is safely stored on a dedicated and secure AWS server. "Globussoft website and Chingari app have very different security/engineering teams and are totally unrelated. Chingari will soon be an independent company," Ghosh added.
Downloaded over 3 million times, Chingari app was founded by Bengaluru-based programmers Biswatma Nayak and Siddharth Gautam last year and it is witnessing nearly 1 lakh downloads and over 2 million views per hour since the government banned 59 Chinese apps over national security concerns.
It allows a user to download and upload videos, chat with friends, interact with new people, share content, and browse through feed. A Chingari user gets the opportunity to get creative with WhatsApp status, videos, audio clips, GIF stickers, and photos. The app is available in languages including English, Hindi, Bangla, Gujarati, Marathi, Kannada, Punjabi, Malayalam, Tamil and Telugu.
*Edited from an IANS report