TikTok Invisible Challenge is being used to steal passwords and cryptocurrency
Hackers are always thinking of innovative methods to take advantage of the most recent trends, and the most recent example uses a well-known TikTok challenge to deceive unwary users into downloading malware on their devices. If you are unfamiliar with the TikTok challenge known as the “Invisible Challenge,” it entails using an invisible body filter that turns your body’s skin tone into a green screen. With the exception of a silhouette surrounding your body’s outline, you may appear nearly invisible in videos with neutral backgrounds if the filter is activated.
Even though TikTok has had the “invisible body filter” for a while, some video producers have started using it to conceal their bodies while recording in the nude. As you might anticipate, some people have begun to wonder whether the filter can be removed in order to see what is beneath. According to BleepingComputer, hackers jumped on the opportunity right away and are now selling specialized “unfiltering” software to get rid of the initial filter. Instead of removing the invisible body filter from TikTok videos, this software installs the WASP stealer malware, which steals passwords, accounts, and even bitcoin.
A new report from the cybersecurity company Checkmarx claims that two TikTok users produced videos on the app that have received over a million views in an effort to advertise software that can remove the invisible body filter. Additionally, they provided a link in their platform profiles to a “Space Unfilter” Discord channel where users could use the app. If a user clicks the link and joins the Space Unfilter Discord server, they are met with NSFW videos uploaded by the hackers responsible for this campaign, which purport to demonstrate how their software can disable the TikTok filter in question.
Additionally, a “Nadeko” bot account automatically sends a private message to users asking them to star the GitHub repository that hosts the malicious program. These private messages appear to have served their purpose, because the project’s repository, which houses all of its files, suddenly rose to the top of the GitHub projects list. Once the repository is downloaded onto a victim’s smartphone or computer, a script within it downloads a malicious Python package containing the WASP stealer malware.
It appears that this campaign is still active as of right now. As Checkmarx notes in its report, when the Python security team deletes the hackers’ malicious packages, the hackers improvise and use a different name. Thankfully, the Space Unfilter Discord server has been disabled, and “Nitro generator” files have taken the place of the GitHub repository.
How to stay safe from malware exploiting trends
Cybercriminals like to take advantage of trends, particularly those that convey a sense of urgency. This was demonstrated earlier this year with Queen Elizabeth II and at the start of 2020 with phony coronavirus treatments. This is why you should always use caution when clicking on links, whether they are in your email or on social media. When something looks too good to be true, it is simply not worth the risk of having your identity stolen or your devices infected with malware. It’s important to keep an eye out for spelling and language errors, which are both big warning signs of these scams.
At the same time, you should refrain from opening emails or messages from unknown senders, particularly if the subject line is empty. Even if you install one of the top antivirus software packages on your computer and one of the top Android antivirus applications on your smartphone, fraudsters may still be able to access your accounts through phishing. If a website or app asks you to log in even though you are already logged in, you may be on a phishing page, or a hacker may be using an overlay to steal your credentials.
Regarding the TikTok Invisible Challenge, you shouldn’t record videos or take images of yourself that you wouldn’t want other people to view. Even if you’re using a filter, posting personal information online can come back to bite you.