Attackers exploit trending TikTok challenge to spread malware
Malicious actors are exploiting a trending TikTok challenge to trick users into installing malware on their devices, Checkmarx reports.
To partake in the “invisible challenge”, TikTok users apply a filter called Invisible Body to their videos, leaving only a silhouette in the video.
Users filming such videos are often undressed, and viewers have been looking for ways to remove the filter.
Threat actors have been trying to capitalise on this by posting TikTok videos with links to malware-infested “unfilter” software claiming to remove the filter.
“Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages,” explained Checkmarx researcher Guy Nachshon.
Once deployed, the information-stealing malware targets user passwords, cryptocurrency wallets, and other private information.
While TikTok has suspended the attackers’ accounts, the videos they posted in November 2022 are estimated to have accumulated over one million views before the platform took action.
The attackers also hosted a Discord server, linked from their video descriptions, where members were pushed links to a GitHub repository hosting the malware.
The Discord server’s member base reached almost 32,000 before it was reported and deleted.
Despite the adversary renaming the project to “Nitro-generator”, the GitHub account has now been removed.
The malicious code is said to have been embedded in Python packages, including “tiktok-filter-api”, “pyshftuler”, and “pydesigns”.