TikTok users are being hoodwinked into downloading malware
Hackers are exploiting TikTok’s “Invisible Body Challenge” to spread malware that can steal passwords and credit-card details.
A trending challenge on TikTok is encouraging users to film themselves naked, and then use TikTok’s “Invisible Body” filter to replace their body with a blurry background.
The hackers are exploiting this trend by posting videos that offer to remove the filter, tricking people into thinking they will see the naked bodies instead. However, all they will really get in return is a piece of malware that can be used to steal Discord accounts, as first discovered by security firm Checkmarx.
Victims are encouraged to download software that will supposedly remove the filter. The software is fake: what it actually installs is malware called “WASP Stealer (Discord Token Grabber)”, which is used to harvest Discord account details, stored credit cards, passwords, cryptocurrency wallets and other computer files, according to security firm CyberSmart.
“The short and shareable format of TikTok’s videos means content can quickly go viral, attracting thousands, if not millions, of eyeballs in a short span of time,” said Jamie Akhtar, CEO and co-founder of CyberSmart, in a statement. “It is no wonder then that cybercriminals will be keen to jump on these trends as a vehicle for their scams.”
“The Invisible Challenge where individuals film themselves naked, blurred out only by a filter, puts many in a vulnerable position,” Akhtar added.
“By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it. Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”