Threat actors are exploiting a new TikTok trend called "Invisible Challenge" to infect the devices of unsuspecting users with malware that can steal their private information.
In the trend, people film themselves naked while using a special video effect called "Invisible Body". This removes the person's body from the video, leaving a blurred contour image. The challenge's hashtag #invisiblefilter has amassed over 25 million views.
According to a report by cybersecurity firm Checkmarx, TikTok users @learncyber and @kodibtc are capitalizing on this trend by posting videos that promote an application that can allegedly remove the TikTok filters and expose people’s naked bodies. Their videos include an invite link to a certain Discord server that had the software.
The attacker's videos | Tap or click to enlarge
Once the user clicks the link and joins the Discord server, they are then sent to a page that displays naked videos of people that are allegedly the result of using the unfiltering software. They will also receive a message from a bot account that asks them to open and bookmark a GitHub repository.
This repository advertises itself as an open-source tool that can remove the invisible body filter on TikTok. It has 103 stars and 17 forks, and has even become a "trending GitHub project." Inside the repository, however, is a malicious Python package that deploys the WASP Stealer malware, which is capable of stealing Discord accounts, cryptocurrency wallets, passwords and credit cards stored on browsers and even a victim's files.
Checkmarx no ..
Support the originator by clicking the read the rest link below.
