Hackers Use TikTok’s “Invisible Body” Challenge to Spread Malware

Hackers are spreading WASP malware and stealing data via the well-known “Invisible Body” TikTok challenge.

TikTok Challenge Used In To Distribute Infostealer Malware

The “Invisible Body” TikTok challenge is being used by malicious actors to distribute WASP info stealer malware. The “Invisible Body” challenge on TikTok asks users to use a filter to hide their facial features and only show their silhouette. The background of the film then matched to the silhouette, virtually creating the illusion of invisibility. With over 25 million views, the TikTok hashtag #invisiblefilter has become famous. The “Invisible Body” trend is usually harmless. But recently creators are using it to video themselves undressed while hiding their bodies from viewers using the filter.

To spread WASP malware, attackers are profiting off the allure of “unfiltered” these naked movies. The hacker will publish a phony film in which he or she claims to have used software to remove the filter, revealing the creator’s naked body. This done to pique the attention of some people who want to use the software to unfilter TikTok videos on their own.

Malware Spread Through Discord

The aforementioned invite link takes visitors to the “Space Unfilter” Discord server, where they can purportedly download the filter-removing application. When a user first logs in to the server, a message from a bot account with a link to a GitHub repository sent to them. The WASP malware, which concealed in a malicious Python package, hosted by this repository. Guy Nachshon, a researcher at Checkmarx, said in a Medium article that the attacker used the malicious package “pyshftuler” at first. But afterward “uploaded a new malicious package under a different name” when PyPi discovered and destroyed the first package (Python Package Index). The new package “pyiopcs” reported and removed, nevertheless.

The attacker finally decided to use “a malicious Python package listed in the requirements.txt file” after continually having their package removed. The package changes carried out by this attacker tracked by Checkmarx. The attacker simply chooses a different user name each time their malicious package taken down to more successfully avoid detection.

Targeted Data Types By The WASP Infostealer

The WASP info stealer malware targets a variety of data types, including cryptocurrency wallets, login credentials, and credit card information. For instance, a victim’s Discord login information or payment information could stolen and used to make purchases in their name. Nachshon wrote in the above Medium post that “as attackers get more intelligent. The level of manipulation used by software supply chain attackers is increasing.” As a result, it would appear that software supply chain threats would remain a security issue as methods advance over time.

By no means is this the first case in which TikTok has used to spread malware and run frauds. This app is quite well-liked and also appeals to a lot of younger people who are less familiar with online safety. Social media platforms frequently used to scam unaware people, whether it’s for account control, money, or data. This is why it’s crucial to remain cautious when using the internet.