Information security researchers revealed that hackers are currently trying to exploit one of TikTok’s Invisible Challenge, to install malware on thousands of devices and steal passwords, Discord accounts, and possibly cryptocurrency wallets.
A new and popular TikTok challenge requires a user to film themselves nude while using the service’s Invisible Body filter, which removes the body from a video and replaces it with a blurred background.
The challenge led to users posting videos of themselves “naked” but the body obscured by the filter.
To take advantage of this challenge, hackers have posted videos claiming to offer a special filter that cancels the effect of the hidden body filter from TikTok, allowing anyone who wants to see the naked bodies of challenge participants.
In reality, this program is fake and installs WASP Stealer malware that is capable of stealing Discord accounts, passwords, credit card credentials stored in browsers, cryptocurrency wallets, and even files from victims’ computers.
According to a new report from cybersecurity firm Checkmarx, the videos posted by the two users, whose accounts have now been suspended, were viewed more than a million times shortly after they were posted.
The hackers asked users to go to the Discord server to install the filter that eliminates the effect of the hidden body filter, and according to the report, the server saw more than 32,000 visits at one time.
On the server, users see a link to a GitHub repository where the malware resides.
According to the security researchers, the hackers used StarJacking technology which links their GitHub project to another popular project to make their software look legitimate.
Checkmarx said in its report that these attacks show once again how online hackers have begun to focus their attention on the open-source software ecosystem, and it believes this trend will accelerate in 2023.
