Trending 2022 TikTok ‘Invisible Challenge’ is used by Hackers to Spread Malware

admin November 30, 2022
0 Comments

Trending TikTok ‘Invisible Challenge’ is used by Hackers to Spread Malware

Tiktok is not spared from being the platform of virus spread. Threat actors are exploiting on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.

The trend goes by the name Invisible Challenge and it involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person’s body.

But the fact that individuals filming such videos has led to a wicked scheme wherein the attackers post TikTok videos with links to rogue software dubbed “unfilter” that claim to remove the applied filters.

Trending 2022 TikTok 'Invisible Challenge' is used by Hackers to Spread Malware
Image Source- The Record By Recorded Future

“Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages,” Checkmarx researcher Guy Nachshon said in a Monday analysis.

The WASP stealer (aka W4SP Stealer) is a malware that’s designed to steal users’ passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.

The TikTok videos posted by the attackers, @learncyber and @kodibtc, on November 11, 2022, are estimated to have achieved over a million views. The accounts have now been suspended.

Apart from the links to dubbed software, the video also includes an invite link to a Discord server managed by the adversary, which had nearly 32,000 members before it was reported and deleted.

Victims joining the Discord server from subsequently receive a link to a GitHub repository that hosts the malware.

As the malware got a lot of attention, the attacker has renamed the project to “Nitro-generator” but not before it landed on GitHub’s Trending repositories list for November 27, 2022, by urging the new members on Discord to star the project.

The threat actor along with changing the repository name, deleted old files in the project and uploaded fresh ones, one of which even described the updated Python code as “Its open source, its not a **VIRUS**.” The GitHub account has now been pulled.

The stealer code is said to have been embedded in various Python packages such as “tiktok-filter-api,” “pyshftuler,” “pyiopcs,” and “pydesings,” with the operators swiftly publishing new replacements to the Python Package Index (PyPI) under different names upon getting removed.

“The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever,” Nachshon noted. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open source package ecosystem.”

Categories: CyberSecurity
Tags: ,

Related Articles

Responses

Your email address will not be published. Required fields are marked *

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .