Hackers are exploiting a TikTok challenge to spread malware that can steal passwords and credit card details.
The ‘Invisible Body Challenge’ prompts users to film themselves naked, and then use TikTok’s ‘Invisible Body’ filter to replace their body with a blurry background.
Cybercriminals have hijacked the challenge by posting TikTok videos with links to fake software called ‘unfilter’ that promises to remove the filter and reveal naked bodies.
However, instead of the promised video of naked bodies, users receive malware that can be used to steal Discord accounts, as flagged by security firm Checkmarx.
The malware, called ‘WASP Stealer (Discord Token Grabber)’, can reportedly steal your Discord account details, stored credit card information, passwords, cryptocurrency wallets and other files.
TikTok videos posted by the attacker reached over a million views in just a couple of days.
‘Over 30,000 members have joined the Discord server created by the attackers so far and this number continues to increase as this attack is ongoing,’ said security firm Checkmarx.
‘The TikTok users @learncyber and @kodibtc posted videos on TikTok (over 1,000,000 views combined) to promote a software app able to “remove filter invisible body” with an invite link to join a Discord server “discord.gg/unfilter” to get it.’
Once you click the invite and join the Discord server ‘Space Unfilter’, you find NSFW videos uploaded by the attacker as proof, meant to trick users into agreeing to install the fake software.
Security experts have warned users about this level of manipulation, which software supply chain attackers are increasingly using.