Trending TikTok 'Invisible Challenge' Used by Hackers to Spread Malware

Hackers are using a trending TikTok challenge called the Invisible Challenge to spread malware, researchers at Checkmarx have discovered.

TikTok’s Invisible Challenge involves users applying a filter known as Invisible Body, which leaves behind a silhouette of the user’s body.

The fact that the people filming these videos may be undressed has given rise to a malicious scheme: bad actors post TikTok videos with links to rogue software dubbed “unfilter” that purports to remove the applied filters.

Checkmarx researcher Guy Nachshon said, “Instructions to get the ‘unfilter’ software deploy WASP stealer malware hiding inside malicious Python packages.”

The WASP stealer malware, also known as W4SP Stealer, is designed to steal users’ passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.

Attackers going by the user handles @learncyber and @kodibtc posted the TikTok videos on November 11, 2022, and the videos have drawn over a million views. These have since been suspended. The videos also included an invite link to a Discord server managed by the hackers. Nearly 3200 members were found to have joined this Discord server after receiving a link to a GitHub repository that hosts the malware.

The campaign has since been renamed “Nitro-generator”, though not before it landed on GitHub’s Trending repositories list on November 27, 2022, after the operators lured the new members on Discord into starring the project.

The hackers not only changed the repository name but also deleted old files in the project and uploaded fresh ones. One such file described the updated Python code as “It’s open source, it’s not a **VIRUS**.” The GitHub account has now been pulled.

Private repositories show that the stealer code was embedded in the Python packages “tiktok-filter-api,” “pyshftuler,” “pyiopcs,” and “pydesings.” After these packages were removed, the operators published new releases of them under different names to the Python Package Index.

“The level of manipulation used by software supply chain attackers is increasing,” Nachshon noted, “as attackers become increasingly clever.” These attacks are a reminder that cyber attackers have started targeting the open-source package ecosystem.
