Categories: Cyber Security News

TikTok’s ‘Invisible Challenge’ Abused by Hackers To Install Dangerous Malware

Cybersecurity analysts at Checkmarx affirmed that a popular TikTok challenge is being used by hackers to trick people into downloading malicious software that steals private information from them.

Currently, the #invisiblefilter tag of this challenge has accumulated over 25 million views and is one of TikTok’s most popular challenges.

Malicious Invisible Challenge in TikTok

Hackers are running this malicious campaign by taking advantage of the Invisible Challenge trend on TikTok. During this challenge, participants are challenged to pose naked by using a special effect that simulates the idea of an invisible body. 

In this effect, a person’s image appears blurred and contoured with a blurring effect. It seems that people have been posting videos of themselves apparently naked but with the filter obscuring the camera lens.

Threat actors have taken advantage of this vulnerability by creating TikTok videos that offer a specially formulated “unfiltering” filter that allegedly removes the body masking effect used by others.

In short, they claim that this new filter will expose the nude bodies of the TikTokers using this trend. But, in reality, this “unfiltering” filter software is a fake tool that installs the following malware on the target system:-

  • WASP Stealer (Discord Token Grabber)

This malware is capable of stealing the following users’ data:-

  • Discord accounts
  • Passwords
  • Saved credit cards on browsers
  • Cryptocurrency wallets
  • Other essential files

Hackers Abusing TikTok Trends

Within a short period of time after these videos were posted, over a million people viewed them. Over 31,000 members are registered on one of the threat actor’s Discord servers.

It was found that the attackers posted two TikTok videos that quickly gathered over a million views between them, each time. It has been detected that [@learncyber] and [@kodibtc] are two users who created promotional videos to promote the malicious software:-

Space Unfilter

The victims receive a link from a bot dubbed “Nadeko” in Discord as soon as they join the server. The link points the user to a GitHub repository that contains malware.

It seems that the malicious GitHub project that has been used in this attack has achieved the status of a “trending GitHub project” because of the success of the attack.

There are currently 103 stars and 18 forks on the project even though it has been renamed since then. 

Technical Analysis

The project files contained a Windows batch file (.bat) that, when executed, installs:- 

  • A malicious Python package (WASP downloader)
  • A ReadMe file

The ReadMe file contains a link to a YouTube video that offers step-by-step guidance for the victims to install the malicious TikTok “unfilter” software.

There were several Python packages that were used by the hackers in this campaign and all of them are hosted on PyPI . While here below we have mentioned some of the Python packages used by the hackers:-

  • tiktok-filter-api
  • pyshftuler
  • pyiopcs
  • pydesings

As far as the attackers are concerned, the malicious package was used to falsify the GitHub repository associated with its malicious application as follows: 

  • https[:]//github.com/psf/requests

This is however a Python package that belongs to the “requests” module. This is done for the sole purpose of making the package appear popular and legitimate in the eyes of general users.

There is a copy of the original code included in the malicious package. However, there is also a modification that makes it possible for attackers to use the host’s network connections in order to install malware.

There is a high likelihood that this malware will be installed by a large number of users that join the Discord server, and this scenario is highly concerning.

Threat actors have reportedly moved to another server after taking the Discord server “Unfilter Space” offline. Cyber attackers have once again found ways to attack open-source packages, again demonstrating that they are focusing their attention on these ecosystems.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Junior School Student Indicted for Infecting Computers With Malware

Fukui Prefectural Police have indicted a 15-year-old junior high school student from Saitama Prefecture for…

2 hours ago

Critical Gitlab Vulnerability Let Attackers Escalate Privileges

GitLab, a widely used platform for DevOps lifecycle management, has released critical security updates for…

3 hours ago

Firefox 133.0 Released with Multiple Security Updates – What’s New!

Mozilla has officially launched Firefox 133.0, offering enhanced features, significant performance improvements, and critical security…

6 hours ago

RomCom Hackers Exploits Windows & Firefox Zero-Day in Advanced Cyberattacks

In a new wave of cyberattacks, the Russia-aligned hacking group "RomCom" has been found exploiting…

15 hours ago

Chinese APT Hackers Using Multiple Tools And Vulnerabilities To Attack Telecom Orgs

Earth Estries, a Chinese APT group, has been actively targeting critical sectors like telecommunications and…

17 hours ago

200,000 WordPress Sites Exposed to Cyber Attack, Following Plugin Vulnerability

A critical security vulnerability has been discovered in the popular WordPress plugin Anti-Spam by CleanTalk, which…

22 hours ago