Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info

Alina BÎZGĂ

December 02, 2022

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Malicious Actors Exploit TikTok ‘Invisible Challenge’ to Steal Users’ Info

Digital miscreants have been capitalizing on TikTok trends exploiting one of the platforms’ viral challenges to trick individuals into downloading malicious software onto their devices.

The Invisible Challenge involved using an ‘invisible’ filter that allowed people to make their bodies seem transparent.

Threat actors noticed the trend for a specific purpose – individuals who began filming the ‘invisible’ videos were often undressed, and naturally, some users began making claims that they could remove the filter to reveal a lewd video of individuals.

The ‘unfilter’ ruse

Researchers at Checkmarx have spotted malicious actors promoting a fake app that allows anyone to remove the ‘invisible’ body filter from videos on TikTok.

Curious users were invited to join a Discord server promoting a lewd video with the so-called filter removed.

“Once you click the invite and join the Discord server ‘Space Unfilter,’ there are NSFW videos uploaded by the attacker, claimed to be the result of his ‘unfilter’ software, the researchers said. ”An attempt to include sample videos as proof to trick users agree to install his software.”

Researchers noted that the TikTok videos posted by the attacker reached over a million views in just a couple of days and that over 30,000 members have already joined the Discord server.

Instead of downloading a legitimate app that allows users to remove the filter, individuals infect their devices with Wasp malware – a well-known info stealer that can exfiltrate a great deal of data from compromised machines, including passwords, credit card numbers and crypto wallet info.

While there isn’t a confirmed number of impacted individuals, and many elements of the attack have already been removed, there’s no telling what cybercriminals will come up with next.

Threat actors are always looking for new and profitable ways to trick unsuspecting individuals.

To protect your data and money, make sure you always scrutinize any claims regarding the removal of TikTok filters or fixes and enable two-factor authentication.

If you think you’ve fallen victim to this attack, change passwords and monitor your accounts for any fraud attempts.

To ensure your digital safety against malicious software, credentials stealing Trojans and other nasty internet threats, consider installing a security solution on your personal devices to thwart potential Wasp attacks.

Check out our feature-rich all-in-one security suites (Premium Security and Ultimate Security) that offer online security and digital privacy with a powerful VPN and a multi-platform Password Manager here.

Depending on your location and chosen plan, you can also benefit from a comprehensive identity theft protection service.

Dedicated privacy solutions such as Bitdefender Digital Identity Protection can help you keep safe against the influx of data breaches with features like:

● Mapping of your digital footprint that includes traces of no-longer-used services

● 24/7 data breach monitoring

● Simple solutions to address leaks and digital footprint weak spots

● Easy way to sniff out social media impersonators who can ruin your reputation

tags


Author


Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

You might also like

Bookmarks


loader