"Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware"

According to new Checkmarx research, threat actors are exploiting a popular TikTok challenge to trick users into downloading information-stealing malware. The Invisible Challenge trend involves using a filter called Invisible Body, which only leaves a silhouette of the person's body behind. However, the fact that people filming such videos may be undressed has led to a malicious scheme in which attackers post TikTok videos with links to rogue software dubbed "unfilter" that claims to remove the applied filters. According to Checkmarx researcher Guy Nachshon, instructions to obtain the 'unfilter' software deploy WASP stealer malware hidden inside malicious Python packages. The WASP stealer, also known as the W4SP Stealer, is a piece of malware designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information. The attackers' TikTok videos from November 11, 2022, are estimated to have received over a million views. As a result, the accounts have been suspended. The video also includes an invite link to the adversary's Discord server, which had nearly 32,000 members before being reported and deleted. Victims who join the Discord server are then sent a link to a GitHub repository that contains the malware. The attacker has since renamed the project "Nitro-generator," but not before it appeared on GitHub's Trending repositories list for November 27, 2022, by encouraging new Discord members to star it. This article continues to discuss the exploitation of the TikTok challenge to spread the WASP stealer malware. 

THN reports "Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware"