Researchers have warned users about a new phishing campaign that exploits the URL shortener service Geo Targetly to lure victims. It empowers the attackers to wage a widespread phishing campaign aimed at different geo-locations.
Geo Targetly URL Shortener Phishing Campaign
According to a recent post from Check Point Research, their researchers discovered a new phishing campaign that exploits the Geo Targetly URL shortener.
Geo Targetly is a dedicated service for location-based advertising, enabling marketers to shorten their URLs according to the specified locations. For instance, clicking on a shortened URL will redirect the user to the respective market of its country, whereas someone in another part of the world would visit the web page as per that region.
Specifically, the attackers behind this campaign use the URL shortener to mask the links to their phishing web pages. Clicking The phishing emails impersonate various entities to trick users into opening the message. For instance, one such email had a subject line mentioning a subpeona for violating the road speed limit.
The emails are designed in the language of the citizens of the target country. Then, the Geo Targetly-shortened URLs for phishing websites redirect users to the fake sites accordingly.
Such customizability empowers the attackers to target users from different parts of the world in the same campaign.
The researchers have shared the details about the phishing campaign in their post.
Be Wary Of Phishing
One of the prime reasons phishing attacks remain successful even after multiple warnings and awareness alerts is the ever-evolving creativity of cybercriminals in designing their campaigns. Whenever they wish to target a specific group of users, they design near-real email messages, which are often difficult for an average user to detect.
Nonetheless, practising caution can always help users avoid such attacks. In this regard, the researchers advise users always to verify the website URLs for originality and double-check the site for legitimacy before sharing any data.
A security researcher found an authenticated remote code execution vulnerability in very wide-spread Arris router models.
Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. This is the type of router that ISPs typically provide in loan for customers’ telephony and internet access.
After responsible disclosure Richards has published a Proof-of-Concept (PoC) that demonstrates how he, ironically used the verification against itself.
Affected devices
The Arris Router Firmware version 9.1.103 authenticated RCE exploit has been tested against the TG2482A, TG2492, and SBG10 models, devices that can be commonly found in the Caribbean and Latin America, says Richards.
According to Richards, when he contacted Arris (acquired by CommScope), the company said the devices running the vulnerable firmware are end-of-life (EOL) and are no longer supported by the company. This means that they are unlikely to ever get updated, even though the SBG10 is actively listed on its website.
Authenticated
An authenticated RCE means an attacker would need login credentials in order to exploit the vulnerability. However, it’s likely that a majority of users haven’t changed their default router credentials, because it is too complicated or they simply are not told clear enough that this is a necessary step in the setup process. So once an attacker knows the default credentials, they can happily exploit the vulnerability.
Richards added:
“It is also worth noting that there is no https setting to secure credentials in transit. I think this makes it a perfect target for botnets like Mirai that gained success using default credentials, and more experienced attackers may have more clever ways to circumvent this.”
How to protect yourself
Since we do not expect the vendor or the ISPs to patch this vulnerability, we asked the researcher for his advice.
“As for mitigation, an easy and effective way is to simply use a strong password, but still this does not stop an attacker from eavesdropping on the unprotected traffic containing the password or even manipulating the browser to gain access. A more desirable form of mitigation would be to change the firmware completely but as you said providers are lax about pushing updates and there is no easy way for an end user to do this themselves. They could run the exploit to gain a root shell and try to patch it from there but this is by no means a simple solution.”
The vulnerability
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. This vulnerability will be listed under CVE-2022-45701.
While testing options to achieve shell script command injection, the researcher found that $ is accepted. That was promising, but when paired into $( it was neutralized. This implies that the developer was intentionally trying to prevent command injection this way. However, there is still a flaw in the verification. If any of the disallowed characters or $( is in the object, the object is not set and keeps its previous value. But, in the case of \ it is simply removed from the payload subsequent to verification. This allows us to set $() by inputting $\(). This could have easily been prevented by also neutralizing $ or ( individually.
With this knowledge Richards was able to add a netcat reverse tcp shellcode and get a shell.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Instagram is always unveiling new features to keep its users engaged. The photo-sharing app just introduced a new feature that will let people post one-way content for their fans. Instagram calls this feature Broadcast Channels.
The thinking behind this feature isn’t particularly new. Telegram has a feature similar to this called “Channels”. It’s an interesting way of keeping your fans engaged in what you’re posting. It’s also an easier way of providing text-based information for fans.
Instagram introduces Broadcast Channels
There aren’t too many ways of sending text-based announcements to your followers. The company was working on bringing short text-based statuses to profiles, but it’s not widely available yet. Other than that, you’d need to add the text to your posts via the caption or through stories. However, those methods aren’t really direct.
However, Instagram just introduced its new Broadcast Channels. These are essentially one-way chat rooms. The creator can set up the channel and invite people to join. Once the creator sets up the channel, their followers will be notified.
In the group, the creator will be able to send messages to the group, but the followers won’t be able to post their own messages; they can only react.
The creators can send any type of message into the channel that they could in a regular message group/Story. You’re able to send text, pictures, videos, polls, audio messages, etc.
This feature did launch to the stable version of Instagram, but it’s still not available to everyone. Instagram has a short list of top Instagram influencers who can use the feature before everyone else.
This list includes Austin Sprinz,David Allen, Tank Sinatra, Valkyrae, and more. You can check out the full list of accounts on the announcement post. There’s no telling when the company will roll this out to all other users. In any case, we don’t expect it to be too long.
As one of the world’s leading providers of affordable and high-quality consumer electronics, Xiaomi’s entrance into the automotive industry has created a lot of buzz and excitement. And according to reports, Xiaomi is making significant strides in developing its car, with CEO Lei Jun personally overseeing the division and dedicating over half his time.
During a recent investor day, CEO Lei Jun shared exciting news about the development of Xiaomi’s cars. The R&D team behind the project has grown to over 2,300 members, and they plan to launch the vehicle for mass production by Q1 2024. Lei Jun stated that autonomous driving is playing a crucial role in the car’s development, and they are investing heavily in becoming a leader in this field by 2024. In order to achieve this goal, the company also plans to test over 140 vehicles during the first phase of testing.
Although the company is yet to share details, a Weibo blogger recently shared images of the soon-to-be-announced electric vehicle wandering on the streets of China during winter testing. Jun was also present during this test, demonstrating the company’s dedication to ensuring the success of the project.
Similar profit structure to smartphones
Interestingly, Xiaomi will take a similar approach to profits as they do with their smartphone, i.e. software profits. According to Jun, this approach creates exciting opportunities for integrating different services beyond the sale of a single product. Although the company has not confirmed it yet, it is likely to focus on software features such as autonomous driving and in-car entertainment, which can generate recurring revenue streams for the company.
While Xiaomi has established an automobile facility in Beijing’s Yizhuang, housing the sales and R&D headquarters, the company is also constructing a fully functional vehicle factory with a yearly capacity of 300,000 vehicles, with the first car expected to roll off the production line in 2024.
According to software firm Dr.Web (via BleepingComputer) a new category of activity-tracking apps has appeared on the Google Play Store generating over 20 million downloads. What makes these three tracking apps so appealing to Android users? They bill themselves as health trackers and pedometers that give you incentive to get into shape by promising to pay out cash rewards to those who reach certain goals.
Do not install these three apps; they are still listed in the Google Play Store
The report from Dr.Web points out that these rewards are often impossible to receive as users must accumulate a large number of rewards before being forced to watch dozens of commercials in order to cash out. After watching all of those ads, users were advised to watch even more to “speed up” the rewards process. The report states that even after all that “the apps did not verify any of the payment-related data provided by users, so the chances of receiving any of the money promised from these apps are extremely small.”
Three apps mentioned in the report remain in the Google Play Store. They are:
Lucky Step – Walking Tracker with 10 million downloads.
WalkingJoy with 5 million downloads.
Lucky Habit: health tracker with 5 million downloads.
All three apps connect with the same command & control server. Such servers are usually used by attackers to send directions to systems infected by malware. With all three apps communicating with the same remote server, it is apparent that they have the same developer. It is also pointed out that earlier versions of the Lucky Step-Walking Tracker falsely said that users had the option of converting their rewards into gift cards for various online stores.
Remember, these crooked developers make money when you view their ads. The more ads you watch, the more money they make.
Do not install these three apps on your Android device
The Lucky Step-Walking Tracker app was eventually updated and the functionality that would convert rewards into cash was removed and the interface elements that would be tapped to make this conversion disappeared. All previously accumulated rewards instantly became worthless.
The one thing you can do to protect yourself from installing malicious apps
If you’re a long-time PhoneArena reader, you know that we tell you to read the comments section before installing an app from a developer that you’re not familiar with-even if the app is listed in the Play Store. That is where you will find red flags that can warn you to stay away from a certain app. For example, two comments written by a pair of unlucky Android device users who installed the Lucky Step – Walking Tracker app contained plenty of red flags.
These two comments from the listing for the Lucky Star app contain enough red flags to keep you from installing it
One comment came from a user who gave the app two stars (!!??!!) while stating that it is “Mostly ad junkie, there is really no benefit to the app…every time you unlock the phone it throws a full-screen ad at you…when I have an alarm going off it overrides that display and will not allow me to get to [the] alarm screen unless I first interact with it. It is just a scam designed to get as much of your data possible while feeding repeatedly ads just so they can make money off of you.”
This is how these three apps trick you into watching dozens and dozens of ads
A second comment gives the app one star and says, “Also, there are a lot of annoying ads that you have to watch to get a few coins. This app is a real scam and garbage and a waste of time and effort.”
We just punched up these apps in the Google Play Store so if you see them, do not install any of the three on your Android devices. Also, if you’ve already installed any of the three, uninstall them immediately.
Here’s one more malicious app that you need to avoid
Dr.Web’s report also mentioned a fitness app called FitStar that creates a customized weight-loss plan for 29 rubles (equivalent to 41 U.S. cents). However, what those subscribing didn’t know was that the program they were signing up for was good for only one day. At the end of the trial, subscribers were automatically signed up for four days of service for an additional 980 rubles (equivalent to $13.86). Full access to the program cost 7,000 rubles ($98.98) and the app continued to automatically extend users’ subscriptions every four days.
This app is also still listed in the Google Play Store. Comments for this app note that if you install it, the icon doesn’t show up on your phone’s list of installed apps making it hard to uninstall. The same review also notes that “The app is trying from the start to get into either Facebook or Google data…”
Don’t put your phone or your wallet at risk. Stay away from all of the apps mentioned in Dr.Web’s report.
Cutout, a popular AI image editing tool, suffered a data breach that exposed user images, usernames, and email addresses. The incident underscores the risks of using cloud-based AI tools for sensitive data.
Cutout.pro, a web-based AI image editing tool, was caught leaking 9GB worth of user data, which included usernames and images requested by using specific queries.
The discovery was made by Cybernews, who found an open ElasticSearch instance containing 22 million log entries referencing usernames, including individual users and business accounts.
However, since log entries contained duplicates, the total number of users affected is unclear. The instance also had information on the number of user credits, a virtual in-game currency, and links to Amazon S3 buckets, where generated images were stored.
This should not come as surprise since the use of AI-powered tools have skyrocketed. This is precisely due to the massive success of ChatGPT. So much so that Google was forced to release its own AI tool called Bard AI.
The exposed Elasticsearch cluster (Image: CyberNews)
The Hong Kong-based visual design platform allows users to manipulate photos or generate images using an AI-based application programming interface (API). This functionality enables the integration of the company’s services into third-party apps.
As noted by researchers, Cutout.pro has self-reported statistics of over 300 million API requests, 4,000 requests per second from over 5,000 applications and websites, and partnerships with over 25,000 businesses.
Therefore, the consequent impact of the leak is likely to be devastating for the customers whose data was exposed in the leak. According to the Cybernews report, their team also found two image editing apps in the open database: Vivid and AYAYA.
“If Cutout.pro’s developers previously didn’t back up the data, the open instance could have led not only to the temporary denial of service but a permanent data loss that was stored on the open instance. Attackers could have wiped it out.”
Cyber News
Due to not being properly configured, the open instance could have been exploited by threat actors in multiple ways. The Cybernews team surmised that anyone could have performed CRUD (Create, Read, Update, and Delete) operations.
Attackers could have used the initial access point to enter the database, take control of the data, and pass it through Cutout.pro’s API, thus carrying out a dangerous supply chain attack on the company’s customers.
Misconfigured Databases – Threat to Privacy
As we know, misconfigured or unsecured databases have become a major privacy threat to companies and unsuspecting users. In 2020, researchers identified over 10,000 unsecured databases that exposed more than 10 billion (10,463,315,645) records to public access without any security authentication.
In 2021, the number of exposed databases increased to 399,200. The top 10 countries with the most database leaks due to misconfiguration in 2021 included the following:
The Interim City Administrator of the City of Oakland declared a state of emergency.after a ransomware attack crippled the city’s services a week ago
The ransomware attack that hit Oakland on Wednesday February 8, 2023 is still crippling many of the city’s services a week later. In fact, the situation is so bad that the Interim City Administrator has now declared a state of emergency.
Tweet announcing the state of emergency
The ransomware attack initially forced the City’s Information Technology Department (ITD) to take all systems offline while it coordinated with law enforcement to investigate the attack.
The impact of the outage is far-reaching and ongoing. The network outage has impacted many non-emergency systems including the ability to collect payments and process reports, permits, and licenses. As a result, some of the city buildings are closed and the public is under advice to email ahead of any planned visit to one of the impacted departments.
Interim City Administrator G. Harold Duffey declared the state of emergency due to the ongoing impact of the network outages as a result of the ransomware attack. According to a spokesperson for the City:
“The declaration of a local emergency allows the City to Oakland to expedite the procurement of equipment and materials, activate emergency workers if needed, and issue orders on an expedited basis, while we work to safely restore systems and bring our services back online.”
Fortunately, the attack has not affected crucial infrastructure like the 911 dispatch and fire and emergency resources, but the Oakland Police Department (OPD) did say that response time has been delayed and asked the public:
If you don’t have an emergency or do not need an immediate emergency response, please consider the following means to report incidents:
So far the City has not provided an indication of when the situation will be back to normal.
Attackers
At this point it’s not clear which ransomware group is behind the attack on the City of Oakland. None of them has claimed the attack and the leak sites of the major groups we checked don’t mention Oakland. This could be because the ransom negotiations have not been broken off yet.
With the investigation apparently ongoing there is no indication of which infection method was used. We’ll update this story if we learn more.
Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware.
Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
Write an incident response plan. The period after a ransomware attack can be chaotic. Make a plan that outlines how you’ll isolate an outbreak, communicate with stakeholders, and restore your systems.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
The U.S. Patent and Trademark Office has approved a recent Apple patent for a foldable device with a clamshell design and virtual buttons on the side.
Earlier this week, Apple got approval for a new foldable design patent that explores the idea of “Electronic Devices With Display and Touch Sensor Structures.”
The patent includes drawings of a foldable phone or tablet with a wraparound screen. However, the display and touch sensor layers overlap, allowing users to touch multiple parts of the device to perform specific tasks.
For example, a touch-sensitive side, which Apple described as a “virtual shutter button,” could allow users to control the device’s camera. Users can also slide a finger up and down the device’s side to regulate its volume.
But does it mean Apple will finally announce a foldable iPhone?
New Apple Patent Suggests a Foldable iPhone Design?
Unlike competitors such as Samsung, Motorola, Xiaomi, and Oppo, Apple hasn’t released a foldable device. However, several analysts have hinted that the tech giant could announce a foldable device soon.
Whatever the case, the newly-approved patent adds to the anticipation of a foldable Apple design.
According to CNBC, the analysts at UBS say the patent “could indicate a foldable device is a possibility but not this year.” They further note that a foldable Apple smartphone “could be an incremental opportunity for future generation iPhone models.”
However, Ben Wood, the chief of research at Market research firm CCS Insight believes it’s too soon to expect a foldable iPhone.
“Right now it doesn’t make sense for Apple to make a foldable iPhone. We think they will shun that trend and probably dip a toe in the water with a foldable iPad,” Wood told CNBC.
So the patent is more likely for a foldable iPad, which aligns with Kuo’s claim.
The Samsung Galaxy S23 launched earlier this month, and it’s a natural competitor to the iPhone 14 Pro. That’s why we’ll compare these two phones here, the Samsung Galaxy S23 vs Apple iPhone 14 Pro. These two phones have the same display sizes, but both look different, and feel different in the hand. There’s plenty to talk about here, actually, as they’re both very compelling, but different in general.
As per usual, we’ll first list the specifications of both devices, and will then move to compare them across a bunch of categories. We’ll compare their designs, displays, performance, battery life, cameras, and audio performance. That being said, let’s get this show on the road, shall we?
Both phones are made out of metal and glass, but not the same materials. The Galaxy S23 combines an aluminum frame with a Gorilla Glass Victus 2 backplate. The iPhone 14 Pro has a stainless steel frame, and “Corning-made glass” on the back. The iPhone 14 Pro is slightly taller, wider, and thicker than the Galaxy S23. It is considerably heavier, though, at 206 grams, compared to 168 grams of the Galaxy S23. The main reason is the stainless steel frame. Truth be said, it does feel a bit too heavy for its size, but some people like that.
The Galaxy S23 has a centered display camera hole on the front, while the iPhone 14 Pro includes a pill-shaped cutout on the front. Both phones have uniform bezels, and both feature curved corners. You’ll notice flat displays on both of these devices, while their buttons are in different spots. The Galaxy S23 has both its power/lock and volume rocker buttons on the right side, while the iPhone 14 Pro’s power button is on the right, while the volume up and down buttons are on the left.
If we flip them around, you’ll see considerably different-looking camera modules. The Galaxy S23 has three vertically-aligned cameras in the top-left corner. Each of those cameras protrudes directly from the backplate. The iPhone 14 Pro has three cameras with standard Apple alignment, all of which are included inside the same camera module. Both smartphones do feel quite premium, and are quite slippery. Do note that the iPhone 14 Pro is a lot heavier than the Galaxy S23, it’s not even close. Both are one-hand friendly, at least compared to most other phones out there.
Samsung Galaxy S23 vs Apple iPhone 14 Pro: Display
When it comes to displays, they do include the same display sizes, but different panels. The Galaxy S23 features a 6.1-inch fullHD+ (2340 x 1080) flat Dynamic AMOLED 2X display with a 120Hz refresh rate. It does support HDR10+ content, and gets up to 1,750 nits of peak brightness. The display aspect ratio is 19.5:9, and this display is protected by the Gorilla Glass Victus 2. The panel has a hole punch at the top.
The iPhone 14 Pro, on the flip side, includes a 6.1-inch 2556 x 1179 LTPO Super Retina XDR OLED display. This display is also flat, and has a 120Hz refresh rate. It supports HDR10 content, and also Dolby Vision. The max brightness is 2,000 nits, and the display aspect ratio is 19.5:9. The Ceramic Shield Glass protects this display, by the way, and there’s a pill-shaped cutout at the top.
When it comes to actual use, both are fantastic. We can nitpick all we want, but the point is they both offer nice, vivid colors, deep blacks, good viewing angles, and good touch response. The iPhone 14 Pro’s display can technically get brighter, so in direct sunlight that may help, but the Galaxy S23 is not far behind in that regard. Truth be said, both panels are fantastic, and also quite smooth, and well protected, so you really can’t go wrong here.
Samsung Galaxy S23 vs Apple iPhone 14 Pro: Performance
The Snapdragon 8 Gen 2 for Galaxy fuels the Galaxy S23. The Galaxy S23 is also equipped with 8GB of LPDDR5X RAM (only the 128GB storage model comes with LPPDR5 RAM) and UFS 4.0 flash storage. The iPhone 14 Pro includes the Apple A16 Bionic processor, along with 6GB of RAM, and NVMe storage. These two SoCs are amongst the best in the market, if not the best mobile SoCs at the moment. Both phones are really well-equipped hardware-wise, and the same goes for performance-related hardware.
Both of these phones fly through anything you throw at them, basically. They handle multitasking with grace, and the same goes for consuming multimedia, launching the camera and taking pictures, processing images, browsing, and so on. Even when it comes to gaming, they both do an excellent job without getting too hot. They can handle the most demanding games available in their respective app stores, without a problem. We didn’t notice any performance-related problems on either phone.
Samsung Galaxy S23 vs Apple iPhone 14 Pro: Battery
The Galaxy S23 includes a 3,900mAh battery pack. The iPhone 14 Pro, on the flip side, has a 3,200mAh battery. Apple’s iPhones usually need less battery juice than Android phones, so keep that in mind, don’t compare them directly. In fact, the iPhone 14 Pro is the device that offers better battery life in this comparison. The Galaxy S23 is much improved in that regard compared to its predecessor, but it’s still not great.
The Galaxy S22’s battery life was truly bad, and the Galaxy S23 does bring an improvement of around 25% in comparison. Getting over 5 hours of screen-on-time is easily doable. For some of you, you may even be able to get considerably more, depending on your usage. The iPhone 14 Pro can reach the 7-hour screen-on-time mark, at least in our experience. Your mileage may vary, of course, as your usage habits are different, as are the apps you use, plus there’s the signal factor, and so on.
Both devices support wired and wireless charging. The Galaxy S23 offers support for 25W wired, 15W wireless, and 4.5W reverse wireless charging. The iPhone 14 Pro supports 20W wired, 15W MagSafe wireless, and 7.5W Qi wireless charging. Unlike the iPhone 14 Pro, the Galaxy S23 also supports reverse wireless charging. One thing to note is that neither phone includes a charger in the box.
Samsung Galaxy S23 vs Apple iPhone 14 Pro: Cameras
The Samsung Galaxy S23 includes a 50-megapixel main camera, a 12-megapixel ultrawide unit, and a 10-megapixel telephoto camera. The iPhone 14 Pro is equipped with a 48-megapixel main camera, a 12-megapixel ultrawide camera, and a 12-megapixel telephoto camera. There’s also a LiDAR scanner on its back. Both of these devices do a really good job in the camera department, actually.
The camera performance improved on the Galaxy S23 compared to its predecessor. The device tends to provide warmer-looking images, compared to the iPhone 14 Pro. Apple’s handset tends to go for closer-to-real-life shots. Both offer plenty of detail during the day, and have really good dynamic range. The iPhone 14 Pro does struggle with highlights sometimes, in extreme HDR conditions.
At nighttime, both do a fairly good job. The iPhone 14 Pro images do turn up a bit darker, just so they feel closer to real life. They look great, though. The Galaxy S23 tends to brighten things up a bit more, but at times, the images do look a bit too warm in low light. Ultrawide cameras are great on both devices, though the iPhone 14 Pro keeps a better balance between main and ultrawide cameras, in terms of colors, first and foremost. The video recording is better on the iPhone 14 Pro, but the Galaxy S23 did improve considerably compared to its predecessor.
Audio
When it comes to audio, you’ll be glad to hear that both phones have stereo speakers. The sound is loud enough from both, and also detailed enough, but neither set of speakers are the best out there. Truth be said, the sound does sound a bit deeper from the Galaxy S23, and there’s also more bass here
You will not find a 3.5mm headphone jack on either device. You can, however, use their charging ports (Type-C and Lightning port, respectively) to connect your headphones. If you prefer to do that wirelessly, both phones are equipped with Bluetooth 5.3.
According to a recent news update, the TikTok Trivia challenge puts a $500,000 prize up for grabs. This trivia will soon start, and it will be accessible to only a select group of users. Also, the trivia is region-restricted, meaning that only TikTok users in a particular region can participate.
Some details on this coming trivia are available, helping users know exactly what to expect. This article will guide you on how you can join this trivia and possibly win yourself some amazing prizes. Also, the kick-off date and time are available to help users prepare beforehand.
Details on the coming TikTok Trivia challenge
Just like every other trivia contest, participants are most interested in the prize to be won. For its coming trivia contest, TikTok is offering a $500,000 prize pool for participants. The total prize money will be split among players that make it to the end of the entire contest.
This trivia is only open to TikTok users in the United States who are 18 years of age or older. TikTok’s users in other regions wishing to participate would have to hope that something similar is made available for their regions. The challenge will run from the 22nd to the 26th of February, a total of five days.
From the 22nd to the 24th of February, a total of two sessions will take place on the video-sharing platform. Each session will come with its own set of questions based on different topics, basically general knowledge. Some questions will be based on the John Wick movie franchise (this trivia is in collaboration with Lionsgate media)
If you are not familiar with the movie character John Wick, then you need to do some research. Also, participants should expect some tough questions as the challenge progresses. But how do you take part in the TikTok Trivia challenge?
There is a trivia widget in your TikTok For You feed, which participants can use to access the challenge page. Searching for the tag #TikTokTrivia and heading over to the TikTok account are other ways to participate in this trivia. Some of your favourite creators will also be part of a live stream after the trivia session.
