29 November 2022

Popular TikTok “Invisible Body” challenge used to spread malware



Hackers are using a trending TikTok challenge that has amassed millions of views to trick unsuspecting people into downloading malware onto their devices, a new report from the cybersecurity firm Checkmarx warns.

In the trend, called “Invisible Challenge”, people film themselves naked while using a TikTok filter called “Invisible Body”, which leaves only a blurred contour of the person.

According to Checkmarx, the threat actors posted their own TikTok videos with links to fake software hosted on a Discord server. This software, called “unfilter”, claims to be able to remove the TikTok filters and expose people’s naked bodies, but actually installs the WASP stealer malware, which steals passwords, accounts and cryptocurrency.

Once the user clicks the link and joins the Discord server, they are then sent to a page that displays naked videos of people that are allegedly the result of using the unfiltering software. They will also receive a message from a bot account that asks them to open and bookmark a GitHub repository. Inside the project's files is a .bat script that installs a malicious Python package listed in the requirements.txt file.
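A defender-side check for the delivery step described above, as an added example that is not taken from the Checkmarx report or this article: it scans a repository's batch scripts for `pip install -r` and flags listed packages that are not on a reviewer's allowlist or are not version-pinned. The file contents, package names and allowlist are constructed for illustration.

```python
import re

# Constructed sample repo (file name -> text); the package names are made up.
SAMPLE_REPO = {
    "install.bat": "@echo off\npython -m pip install -r requirements.txt\npython main.py\n",
    "requirements.txt": "requests==2.28.1\nexample-unknown-pkg\n# helper libs\ncolorama>=0.4\n",
}
# Assumption: the reviewer maintains a set of already-vetted package names.
ALLOWLIST = {"requests", "colorama"}

PIP_INSTALL = re.compile(r"\bpip3?(?:\.exe)?\s+install\b(.*)", re.IGNORECASE)
REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name):
    """PEP 503 normalization, so 'Foo_Bar' and 'foo-bar' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Yield (normalized_name, line) per requirement, skipping comments/options."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        match = REQ_NAME.match(line)
        if match:
            yield normalize(match.group(1)), line

def audit_repo(files, allowlist):
    """Return (script, requirements_file, package, reason) for each risky entry."""
    findings = []
    for path, text in files.items():
        if not path.lower().endswith((".bat", ".cmd")):
            continue
        for hit in PIP_INSTALL.finditer(text):
            args = hit.group(1).split()
            for i, arg in enumerate(args[:-1]):
                if arg not in ("-r", "--requirement"):
                    continue
                req_file = args[i + 1]
                for name, line in parse_requirements(files.get(req_file, "")):
                    if name not in allowlist:
                        findings.append((path, req_file, name, "not on allowlist"))
                    elif "==" not in line:
                        findings.append((path, req_file, name, "version not pinned"))
    return findings

if __name__ == "__main__":
    for finding in audit_repo(SAMPLE_REPO, ALLOWLIST):
        print(finding)
```

Run it on a cloned repository's file contents before executing any bundled installer script; an empty result only means every listed package is allowlisted and pinned, not that the packages are safe.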

The malicious video reached over a million views in just a couple of days, with the attacker-controlled Discord server amassing over 30,000 members.

“The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever. It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity or simply uses a different name,” the researchers noted. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023. As we see more and more different attacks, it is critical to expedite the flow of information on these attacks across all parties involved (package registries, security researchers, developers) to protect the open-source ecosystem against those threats.”

