Hackers are exploiting this new TikTok craze to push malware

Don’t get conned with the oldest trick in the book

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals have struck gold with amalwaredistribution campaign leveraging a TikTok challenge and the ground-breaking promise of seeing people naked on the internet to wreak havoc.

The “Invisible Body” challenge involves users recording their naked bodies on video, and then using a TikTok filter to remove it from the video and replace it with a blurry background. The malware in question claims to remove the filter.

Like many TikTok challenges, this one became popular quite quickly, with the hashtag #invisiblebody having more than 24 million views. Similarly, the GitHub repository used to distribute the malware rose to the top of its list of trending repositories.

Fake videos

However, cybercriminals were quick to capitalize on it, creating videos that promote a way to remove the filter and view the original, unedited clip.

In the description of the video was a link to a Discord server where users are directed to a second link, leading to GitHub. There, users are told they can download the “unfiltering” filter which is actually the WASP Stealer (Discord Token Grabber) malware.

PC gamers targeted in new Discord phishing scam>Several huge NFT Discords hacked by scam attacks>Here’s our rundown of the best firewalls around

This tool steals people’s Discord accounts, passwords, credit card information saved in browsers, cryptocurrency wallets, and even people’s files.

According toBleepingComputer, just two videos promoting the fake tool were viewed more than a million times, and one Discord server has amassed over 30,000 people. A simpleGooglesearch for the keywords “Invisible Body TikTok” now serves up dozens of videos promoting fake filter removal tools.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

WASP is hosted on GitHub, and soon after the videos hit the web, it achieved the status of “trending GitHub project”.

Both GitHub and TikTok were quick to remove the accounts promoting the scheme from their platforms. However, the threat actors seem to have made a quick return, using different account and project names.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics