TikTok trends come and go, but there’s one trend that’s creating quite a security concern. The trend is dubbed the “Invisible Body” challenge. Users use a filter that makes their body look invisible, filling their silhouette with AI-generated graphics to blend in with the background. While most people use the filter to make their clothes appear to dance, some users have taken it a step further to make suggestive content.
While the majority of videos nested under the hashtag are fun and wholesome, attackers are taking advantage of those that are a bit more suggestive and using them to spread WASP malware.
How does it go down?
The hacker finds a video of someone using the filter who appears as though they may be nude. The hacker reposts the video, claiming to have removed the filter using special software, exposing the creator’s nude body, and offers this non-existent software to users via a link. That link leads to a Discord server titled “Space Unfilter.” Once a user joins the server, a bot sends them a link to download the software, but the link really points to a repository that hosts WASP malware, hidden within a Python package.
Just like that, someone’s curiosity may land them in a mess of trouble.
The hacker is targeting many kinds of data from users who fall into their pit: credit card details, login credentials, and even cryptocurrency wallets. Hackers are becoming more clever with the ways they hide these packages, making it increasingly difficult for hosts to remove them. This specific malware package has already taken on a few different names and faced removal, but the demand for this phony filter remover software has the hacker playing the long game.
Since TikTok is popular with a younger demographic, there’s a concern that younger users may not be properly educated on the risks of dealing with hackers or on how to avoid suspicious links.
The moral of the story? Be extra cautious when clicking a link that directs you away from TikTok, and especially stay away from “software downloads”!