Hackers are exploiting this new TikTok craze to push malware

Password
(Image credit: reklamlar)

Cybercriminals have struck gold with a malware distribution campaign leveraging a TikTok challenge and the ground-breaking promise of seeing people naked on the internet to wreak havoc. 

The "Invisible Body" challenge involves users recording their naked bodies on video, and then using a TikTok filter to remove it from the video and replace it with a blurry background. The malware in question claims to remove the filter.

Like many TikTok challenges, this one became popular quite quickly, with the hashtag #invisiblebody having more than 24 million views. Similarly, the GitHub repository used to distribute the malware rose to the top of its list of trending repositories.

Fake videos

However, cybercriminals were quick to capitalize on it, creating videos that promote a way to remove the filter and view the original, unedited clip. 

In the description of the video was a link to a Discord server where users are directed to a second link, leading to GitHub. There, users are told they can download the “unfiltering” filter which is actually the WASP Stealer (Discord Token Grabber) malware.

This tool steals people’s Discord accounts, passwords, credit card information saved in browsers, cryptocurrency wallets, and even people’s files. 

According to BleepingComputer, just two videos promoting the fake tool were viewed more than a million times, and one Discord server has amassed over 30,000 people. A simple Google search for the keywords “Invisible Body TikTok” now serves up dozens of videos promoting fake filter removal tools. 

WASP is hosted on GitHub, and soon after the videos hit the web, it achieved the status of “trending GitHub project”. 

Both GitHub and TikTok were quick to remove the accounts promoting the scheme from their platforms. However, the threat actors seem to have made a quick return, using different account and project names. 

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A white padlock on a dark digital background.
GitHub is hiding malware disguised as games, legitimate software
Trojan
Hackers hide malware into website images to go unnoticed
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Fake Reddit sites found pushing Lumma Stealer malware
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does