Hackers Are Exploiting This New TikTok Fad To Push Malware

Cybercriminals have struck gold with a malware distribution campaign that takes advantage of a TikTok challenge, and the lure of seeing naked people online, to wreak havoc.

The "Invisible Body" challenge involves users recording their naked body in a video and then using a TikTok filter to remove it from the video and replace it with a blurred background. The malware in question claims to remove the filter.

Like many TikTok challenges, this one caught on pretty quickly, with the hashtag #invisiblebody garnering over 24 million views. The GitHub repository used to distribute the malware also rose to the top of GitHub's list of trending repositories.

Fake videos

However, cybercriminals were quick to take advantage of this and created videos promoting a way to remove the filter and view the original unedited clip.

In the video description there was a link to a Discord server, where users were directed to a second link leading to GitHub. There, users were told that they could download the "unfiltered" filter, which is actually the WASP Stealer (Discord Token Grabber) malware.

This tool steals Discord accounts, passwords, credit card information saved in browsers, cryptocurrency wallets, and even people's files.

According to BleepingComputer, just two videos promoting the fake tool have had over a million views, and one Discord server has garnered over 30,000 likes. A simple Google search for the keywords "Invisible Body TikTok" now turns up dozens of videos promoting fake filter removal tools.

WASP is hosted on GitHub, and soon after the videos hit the web, it achieved "Trendy GitHub Project" status.

GitHub and TikTok quickly removed accounts promoting the fake tool from their platforms. However, the threat actors seem to have made a quick comeback, using different account and project names.

Via: BleepingComputer