Hackers Using Trending TikTok ‘Invisible Challenge’ to Spread Malware

Cyber Security

Products You May Like

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.

The trend, called Invisible Challenge, involves applying a filter known as Invisible Body that just leaves behind a silhouette of the person’s body.

But the fact that individuals filming such videos could be undressed has led to a nefarious scheme wherein the attackers post TikTok videos with links to rogue software dubbed “unfilter” that purport to remove the applied filters.

CyberSecurity

“Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages,” Checkmarx researcher Guy Nachshon said in a Monday analysis.

The WASP stealer (aka W4SP Stealer) is a malware that’s designed to steal users’ passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.

The TikTok videos posted by the attackers, @learncyber and @kodibtc, on November 11, 2022, are estimated to have reached over a million views. The accounts have been suspended.

Python Malware
Python Malware

Also included in the video is an invite link to a Discord server managed by the adversary, which had nearly 32,000 members before it was reported and deleted. Victims joining the Discord server subsequently receive a link to a GitHub repository that hosts the malware.

The attacker has since renamed the project to “Nitro-generator” but not before it landed on GitHub’s Trending repositories list for November 27, 2022, by urging the new members on Discord to star the project.

Besides changing the repository name, the threat actor deleted old files in the project and uploaded fresh ones, one of which even described the updated Python code as “Its open source, its not a **VIRUS**.” The GitHub account has now been pulled.

The stealer code is said to have been embedded in various Python packages such as “tiktok-filter-api,” “pyshftuler,” “pyiopcs,” and “pydesings,” with the operators swiftly publishing new replacements to the Python Package Index (PyPI) under different names upon getting removed.

“The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever,” Nachshon noted. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open source package ecosystem.”

Products You May Like

Articles You May Like

Realme P2 Pro Allegedly Spotted on BIS Certification Website, India Launch Seems Imminent
The sneaky way Big Tech is acquiring AI unicorns without buying the companies
ISRO Chief S Somanath Expects Budget Requirement to Grow by Up to 30 Percent in Coming Years
Google Pay Announces UPI Circle, UPI Vouchers and More Features at Global Fintech Fest 2024
Realme 13 5G, Realme 13+ 5G With 80W Fast Charging Launched in India: Price, Offers, Specifications

Leave a Reply

Your email address will not be published. Required fields are marked *