Popular TikTok “Invisible Body” challenge used to spread malware

Popular TikTok “Invisible Body” challenge used to spread malware

Hackers are using a trending TikTok challenge that amassed millions views to trick unsuspecting people into downloading malware on their devices, a new report from the cybersecurity firm Checkmarx warns.

In the trend called “Invisible Challenge” people film themselves naked while using the invisible body filter called “Invisible Body”, leaving a blurred contour image of the person.

According to Checkmarx, the threat actors posted their own TikTok videos with links to fake software hosted on a Discord server. This software called “unfilter” claims to be able to remove the TikTok filters and expose people’s naked bodies, but actually installs the WASP stealer malware which steals passwords, accounts and cryptocurrency.

Once the user clicks the link and joins the Discord server, they are then sent to a page that displays naked videos of people that are allegedly the result of using the unfiltering software. They will also receive a message from a bot account that asks them to open and bookmark a GitHub repository. Inside the project's files is a .bat script that installs a malicious Python package listed in the requirements.txt file.

The malicious video reached over a million views in just a couple of days, with the attacker-controlled Discord server amassing over 30,000 members.

“The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever. It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity or simply uses a different name,” the researchers noted. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023. As we see more and more different attacks, it is critical to expedite the flow of information on these attacks across all parties involved (package registries, security researchers, developers) to protect the open-source ecosystem against those threats.”


Back to the list

Latest Posts

Hacker plants data-wiping code in Amazon’s AI coding extension

Hacker plants data-wiping code in Amazon’s AI coding extension

Amazon says that the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error.
28 July 2025
Cyberattack forces Russian airline Aeroflot to cancel dozens of flights

Cyberattack forces Russian airline Aeroflot to cancel dozens of flights

The Silent Crow hacking group claimed to have spent a year infiltrating Aeroflot’s networks, allegedly destroying 7,000 servers.
28 July 2025
Scattered Spider targets VMware ESXi in attacks on US critical sectors

Scattered Spider targets VMware ESXi in attacks on US critical sectors

Scattered Spider employs social engineering tactics to gain initial access.
28 July 2025