Warning: This famous TikTok trend is actually an information-stealing software
This trend is named the 'Invisible Challenge.' It basically involves the use of a filter.
According to a research done by Checkmarx, threat actors are using a famous TikTok challenge as a method to trick users. The TikTok users download a software that is able to steal private information through the trick.
This trend is named the ‘Invisible Challenge.’ It basically involves the use of a filter named Invisible Body which leaves behind only a silhouette of the person recording the video.
The possibility of users being undressed in the clips led to a scheme which the attackers used to post links to the rogue software named unfilter. The software claimed to remove the applied filters.
In an analysis, Checkmarx researched Guy Nachson said that the ‘instructions to get ‘unfilter’ software deploy WASP stealer malware hiding in the malicious Python packages.’
WASP stealer is used to hack passwords, cryptocurrency wallets and Discord accounts. The TikTok videos of the hackers were viewed over one million times and their accounts have now been removed.
The video clip also had an invitation link embedded on it which was for Discord server that was managed by the attackers. The server had more than 30,000 members before it was reported and taken down. After the victims joined the Discord server, they got a link that took them to GitHub repository, that contained the malware.
The attacker then renamed it to ‘Nitro generator.’ He also changed the repository name and kept uploading new files onto the project. They described the new Python source code as an ‘open-source’ and not a VIRUS. The GitHub account has now been suspended too.
What are your views on this? Share in the comments bar below.