Hackers are using a popular TikTok challenge, known as "Invisible Body", to spread WASP malware and steal data.

TikTok Challenge Being Used to Spread Infostealer Malware

Malicious actors are using the "Invisible Body" TikTok challenge to spread WASP infostealer malware.

TikTok's "Invisible Body" challenge involves the use of a filter to block out a user's bodily features and solely display their silhouette. The silhouette is then matched to the background of the video, almost giving the impression of invisibility. The #invisiblefilter tag on TikTok has over 25 million views, making the trend undoubtedly popular.

While the "Invisible Body" trend itself is pretty harmless, it is now being used by creators to film themselves unclothed, with the filter masking their bodies from viewers.

Attackers are capitalizing on the allure of "unfiltering" these nude videos to spread WASP malware. The hacker will post a fake video claiming to have removed the filter using a software program, therefore exposing the naked body of the creator in question. This is designed to pique the interest of certain individuals who want to use the software themselves to un-filter TikTok videos.

Discord Used to Spread Malware

hooded person and fractured background behind discord logo
Logo Credit: Akihiro Nagai 2/Wikimedia Commons

The aforementioned invite link leads to a Discord server named “Space Unfilter," where users can allegedly download the filter-removing software. When someone joins the server, they receive a message from a bot account containing a link that leads to a GitHub repository. This repository hosts the WASP malware, which is hidden in a malicious Python package.

In a Medium blog post, Checkmarx researcher Guy Nachshon wrote that the attacker initially used a malicious package known as "pyshftuler", but then "uploaded a new malicious package under a different name" once the initial package was identified and removed by PyPi (Python Package Index). However, the new package, "pyiopcs", was also reported and removed.

After having their package removed repeatedly, the attacker then decided to use "a malicious Python package listed in the requirements.txt file". Checkmarx is keeping track of package updates conducted by this attacker. Each time the attacker's malicious package is removed, they simply use a different account name to more effectively dodge detection.

Various Kinds of Data Targeted by WASP Infostealer

The WASP infostealer malware targets numerous kinds of data, including credit card details, login information, and even cryptocurrency wallets. For example, a victim's Discord login credentials could be stolen, or their payment details may be taken to conduct transactions under their name.

In the previously mentioned Medium post, Nachshon stated that "the level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever". So, it seems that software supply chain attacks will continue to be a security concern as methods become more and more sophisticated over time.

TikTok Is Repeatedly Used to Spread Malware

This is by no means the first time that TikTok has been used to spread malware and carry out scams. This app is incredibly popular, and also caters to many younger individuals who aren't well-versed in online safety. Social media platforms are often used to swindle unknowing victims, be it for data, money, or account control. This is why it's important to always be on your guard online.