Hackers are using a trending TikTok challenge that amassed millions views to trick unsuspecting people into downloading malware on their devices, a new report from the cybersecurity firm Checkmarx warns.

In the trend called “Invisible Challenge” people film themselves naked while using the invisible body filter called “Invisible Body”, leaving a blurred contour image of the person.

According to Checkmarx, the threat actors posted their own TikTok videos with links to fake software hosted on a Discord server. This software called “unfilter” claims to be able to remove the TikTok filters and expose people’s naked bodies, but actually installs the WASP stealer malware which steals passwords, accounts and cryptocurrency.

Once the user clicks the link and joins the Discord server, they are then sent to a page that displays naked videos of people that are allegedly the result of using the unfiltering software. They will also receive a message from a bot account that asks them to open and bookmark a GitHub repository. Inside the project's files is a .bat script that installs a malicious Python package listed in the requirements.txt file.

The malicious video reached over a million views in just a couple of days, with the attacker-controlled Discord server amassing over 30,000 members.

“The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever. It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity or simply uses a different name,” the researchers noted. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023. As we see more and more different attacks, it is critical to expedite the flow of information on these attacks across all parties involved (package registries, security researchers, developers) to protect the open-source ecosystem against those threats.”