TikTok challenge used to steal information from devices, NCC warns

by Johnson Daniel

Hackers are currently stealing information from people’s devices by exploiting a popular TikTok challenge. The campaign capitalizes on a TikTok trend known as the “Invisible Challenge,” in which people pose naked using a special video effect known as “invisible body.” The effect creates a person’s image that is blurred and contoured.

The hackers shared their TikTok videos along with links to bogus software called “unfilter,” which claims to be capable of removing TikTok filters and exposing people’s naked bodies. The malware is concealed within malicious Python packages.

Nigerians have been warned by the Nigerian Communications Commission’s (NCC) Computer Security Incident Response Team that the viral challenge exposes devices to Information-Stealing Malware.

The warning was contained in an advisory issued on Tuesday by NCC Director of Public Affairs Reuben Muoka, who stated that threat actors used a viral TikTok challenge known as the Invisible Challenge to spread an information-stealing malware known as the WASP (or W4SP) stealer.

“The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects,” the advisory read in part.

“Those who click on the link and attempt to download the software, known as “unfilter,” are infected with the WASP stealer. Suspended accounts had amassed over a million views after initially posting the videos with a link. Following, the link leads to the “Space Unfilter” Discord server, which had 32,000 members at its peak but has since been removed by its creators.

“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed. It may also covertly monitor user behaviour and harvest Personally Identifiable Information, including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity. This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”

 

Leave a Comment

Related Posts

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy