TikTok Invisible Body challenge deployed to steal data

Share post:

Security researchers have raised concerns about the personal risks of participating in the Invisible Challenge, a viral TikTok challenge that involves a person filming themselves naked while using an effect called Invisible Body that removes the body from the video.

This is because threat actors have exploited it with a reported unfilter software that is meant to show the nudes but in reality, targets users to spread data-stealing malware.

The challenge has piqued the interest of malicious actors, who are using it to distribute data-stealing malware disguised as a software app called Unfilter, which claims to allow users to view original, uncensored videos.

According to Checkmarx security researchers, soon after the Invisible Challenge became popular, miscreants began posting TikTok videos with links to fake “unfilter” software that claims to remove the invisible filter and reveal the naked video creator.

WASP Stealer (Discord Token Grabber), an infostealer that targets Discord accounts, other credentials, and credit card data stored in victims’ web browsers, cryptocurrency wallets, and other files, is installed by the unfilter software. The campaign appeared to be linked to other malicious Python packages, and some of the code may have been stolen from a legitimate package via StarJacking, which involves hijacking the legitimate package’s GitHub Stars rating to make it appear more popular than it is.

The sources for this piece include an article in TheRegister.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Meta is gathering data on Quest virtual reality users

Meta's latest policy update reveals plans to start collecting "anonymized" data from its Quest headset users, intensifying concerns...

X/Twitter censors India farmer protests at government request

Social media platform X (formerly Twitter) admitted to removing accounts and posts related to India's farmers' protests, citing...

Musk’s X/Twitter grants “verified” status to Hezbollah terrorists

Elon Musk's platform X, previously known as Twitter, has come under scrutiny for providing premium services, including verification,...

X/Twitter cracks down on criticism and suspends Irish journalist

Journalist Séamas O’Reilly has expressed disbelief and amusement after his account on X (formerly Twitter) was suspended shortly...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways