{"id":472001,"date":"2022-11-30T12:03:21","date_gmt":"2022-11-30T10:03:21","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=472001"},"modified":"2022-11-30T12:05:49","modified_gmt":"2022-11-30T10:05:49","slug":"attackers-exploit-trending-tiktok-challenge-to-spread-malware","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/472001-attackers-exploit-trending-tiktok-challenge-to-spread-malware.html","title":{"rendered":"Attackers exploit trending TikTok challenge to spread malware"},"content":{"rendered":"<p>Malicious actors are exploiting a trending TikTok challenge to trick users into installing malware on their devices, Checkmarx <strong><a href=\"https:\/\/medium.com\/checkmarx-security\/attacker-uses-a-popular-tiktok-challenge-to-lure-users-into-installing-malicious-package-fe6248dfe0ae\" target=\"_blank\" rel=\"noopener\">reports<\/a><\/strong>.<\/p>\n<p>To partake in the &#8220;invisible challenge&#8221;, TikTok users apply a filter called Invisible Body to their videos, leaving only a silhouette in the video.<\/p>\n<p>Users filming such videos are often undressed, and viewers have been looking for ways to remove the filter.<\/p>\n<p>Threat actors have been trying to capitalise on this by posting TikTok videos with links to malware-infested &#8220;unfilter&#8221; software claiming to remove the filter.<\/p>\n<p>&#8220;Instructions to get the &#8216;unfilter&#8217; software deploy WASP stealer malware hiding inside malicious Python packages,&#8221; explained Checkmarx researcher Guy Nachshon.<\/p>\n<p>Once deployed, the information-stealing malware targets user passwords, cryptocurrency wallets, and other private information.<\/p>\n<p>While TikTok has suspended the attackers&#8217; accounts, the videos they posted in November 2022 are estimated to have accumulated over one million views before it took action.<\/p>\n<p>The attackers also hosted a Discord server \u2014 for which they posted links in video descriptions \u2014 where they pushed links to a GitHub repository hosting the malware to members.<\/p>\n<p>The Discord server&#8217;s member base reached almost 32,000 before it was reported and deleted.<\/p>\n<p>Despite the adversary renaming the project to &#8220;Nitro-generator&#8221;, the GitHub account has now been removed.<\/p>\n<p>The malicious code is said to have been embedded in Python packages, including &#8220;tiktok-filter-api&#8221;, &#8220;pyshftuler&#8221;, and &#8220;pydesigns&#8221;.<\/p>\n<hr \/>\n<h2 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/internet\/471815-eskomsepush-and-other-apps-used-for-drug-dealing-human-trafficking-in-south-africa.html\" rel=\"bookmark\">EskomSePush and other apps used for drug-dealing, child trafficking in South Africa<\/a><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Attackers spread the information-stealing malware through Python packages purported to remove the Invisible Body filter.<\/p>\n","protected":false},"author":341076,"featured_media":472005,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[50307,82981,801,34041,59100],"class_list":["post-472001","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-discord","tag-invisible-challenge","tag-malware","tag-python","tag-tiktok"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/472001"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=472001"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/472001\/revisions"}],"predecessor-version":[{"id":472037,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/472001\/revisions\/472037"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/472005"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=472001"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=472001"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=472001"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}