Friday, March 29, 2024

TikTok’s ‘Invisible Challenge’ Abused by Hackers To Install Dangerous Malware

Cybersecurity analysts at Checkmarx affirmed that a popular TikTok challenge is being used by hackers to trick people into downloading malicious software that steals private information from them.

Currently, the #invisiblefilter tag of this challenge has accumulated over 25 million views and is one of TikTok’s most popular challenges.

Malicious Invisible Challenge in TikTok

Hackers are running this malicious campaign by taking advantage of the Invisible Challenge trend on TikTok. During this challenge, participants are challenged to pose naked by using a special effect that simulates the idea of an invisible body. 

In this effect, a person’s image appears blurred and contoured with a blurring effect. It seems that people have been posting videos of themselves apparently naked but with the filter obscuring the camera lens.

Threat actors have taken advantage of this vulnerability by creating TikTok videos that offer a specially formulated “unfiltering” filter that allegedly removes the body masking effect used by others.

In short, they claim that this new filter will expose the nude bodies of the TikTokers using this trend. But, in reality, this “unfiltering” filter software is a fake tool that installs the following malware on the target system:-

  • WASP Stealer (Discord Token Grabber)

This malware is capable of stealing the following users’ data:-

  • Discord accounts
  • Passwords
  • Saved credit cards on browsers
  • Cryptocurrency wallets
  • Other essential files

Hackers Abusing TikTok Trends

Within a short period of time after these videos were posted, over a million people viewed them. Over 31,000 members are registered on one of the threat actor’s Discord servers.

It was found that the attackers posted two TikTok videos that quickly gathered over a million views between them, each time. It has been detected that [@learncyber] and [@kodibtc] are two users who created promotional videos to promote the malicious software:-

Space Unfilter

The victims receive a link from a bot dubbed “Nadeko” in Discord as soon as they join the server. The link points the user to a GitHub repository that contains malware.

It seems that the malicious GitHub project that has been used in this attack has achieved the status of a “trending GitHub project” because of the success of the attack.

There are currently 103 stars and 18 forks on the project even though it has been renamed since then. 

Technical Analysis

The project files contained a Windows batch file (.bat) that, when executed, installs:- 

  • A malicious Python package (WASP downloader)
  • A ReadMe file 

The ReadMe file contains a link to a YouTube video that offers step-by-step guidance for the victims to install the malicious TikTok “unfilter” software.

There were several Python packages that were used by the hackers in this campaign and all of them are hosted on PyPI . While here below we have mentioned some of the Python packages used by the hackers:-

  • tiktok-filter-api
  • pyshftuler
  • pyiopcs
  • pydesings

As far as the attackers are concerned, the malicious package was used to falsify the GitHub repository associated with its malicious application as follows: 

  • https[:]//github.com/psf/requests

This is however a Python package that belongs to the “requests” module. This is done for the sole purpose of making the package appear popular and legitimate in the eyes of general users.

There is a copy of the original code included in the malicious package. However, there is also a modification that makes it possible for attackers to use the host’s network connections in order to install malware.

There is a high likelihood that this malware will be installed by a large number of users that join the Discord server, and this scenario is highly concerning.

Threat actors have reportedly moved to another server after taking the Discord server “Unfilter Space” offline. Cyber attackers have once again found ways to attack open-source packages, again demonstrating that they are focusing their attention on these ecosystems.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles