Malicious software called ‘unfilter’ found on TikTok has been launching WASP malware on victims’ devices, researchers at Checkmarx have found.
The cyberattack begins with a legitimate TikTok challenge asking users to pose nude and use a filter called ‘invisible body.’ Cybercriminals then circulate a link to software that they claim removes the filter, allowing viewers to see the participants unfiltered. This fake filter-removal ploy is then used to launch the information-stealing malware.
TikTok, challenges, and herd mentality
Users on TikTok often see challenges that garner a huge response, and cyber attackers have used this to launch malware attacks. The invisible challenge asked TikTok subscribers to shoot videos while naked, with the promise that a filter called invisible body would hide them, showing only a blurred outline of their body on the screen.
This porn-themed malware is suspected to have reached over 25 million viewers, based on its views. The lure to undo the invisibility effect has relied on the hashtag #invisiblefilter. The attackers offered to show the nude participants of this challenge without the filter effect to anyone who downloaded malicious software called unfilter.
Users who are lured by the nude content download the software, which launches the WASP stealer malware.
“Over 30,000 members have joined the Discord server created by the attackers so far and this number continues to increase as this attack is ongoing,” said the Checkmarx report.
Workings of the WASP stealer malware
WASP malware has been known to use steganography to hide malware in images and packages and to build a fake GitHub reputation. The malware can steal information related to credit cards, Discord accounts, passwords, crypto wallets, etc. The developers of this malware boast that it is absolutely undetectable, which they claim is achieved with an ‘awesome obfuscation’ technique.
By examining samples of URLs, researchers found that one of them leads to Discord at hxxps://discord[.]gg/wasp, which is managed by a user called Alpha.#0001. The suspect is also associated with a YouTube channel that has close to 10 subscribers, with video content related to hacking, among other topics.

Privacy concerns
With the videos posted by cyber attackers reaching nearly a million users in a few days, researchers are posing questions about the online threat to users. This popular Chinese social media platform has been questioned over its numerous data collection issues and the permissions it requests. TikTok has been collecting sensitive data such as age, images, contacts, relationship status, single-sign-on (SSO), and also messages sent and received.
With the user’s permission, it also collects payment information and location details. The United States military and private companies like Amazon have already banned TikTok on business systems. The company has been under scrutiny for issues related to the safety of children. Children and teens uploading their videos and using foul language have also been a topic of concern and have resulted in the violation of COPPA rules.