
Cybercriminals are exploiting TikTok's 'Invisible Body' challenge to deploy malware

Threat actors are exploiting a new TikTok trend called "Invisible Challenge" to infect the devices of unsuspecting users with malware that can steal their private information.

In the trend, people film themselves naked while using a special video effect called "Invisible Body". This removes the person's body from the video, leaving a blurred contour image. The challenge's hashtag #invisiblefilter has amassed over 25 million views.

According to a report by cybersecurity firm Checkmarx, TikTok users @learncyber and @kodibtc are capitalizing on this trend by posting videos that promote an application that can allegedly remove the TikTok filters and expose people's naked bodies. Their videos include an invite link to a Discord server that had the software.

Once the user clicks the link and joins the Discord server, they are sent to a page that displays naked videos of people, allegedly the result of using the unfiltering software. They also receive a message from a bot account asking them to open and bookmark a GitHub repository.

This repository advertises itself as an open-source tool that can remove the invisible body filter on TikTok. It has 103 stars and 17 forks, and has even become a "trending GitHub project." Inside the repository, however, is a malicious Python package that deploys the WASP Stealer malware, which is capable of stealing Discord accounts, cryptocurrency wallets, passwords and credit cards stored in browsers, and even a victim's files.

Checkmarx notes that the attack is ongoing, and if the malicious Python packages are removed, the attacker simply creates a new identity or uses a different name.

As of this writing, the attackers' GitHub repository is still up, but "TikTok unfilter" packages have been replaced by "Nitro generator" files. The Discord server, on the other hand, has been taken offline, but the threat actor claims that they have moved to a new server. The aforementioned TikTok usernames also no longer appear in search results.

"These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023," Checkmarx concludes.

Source: Checkmarx
