Attacker Uses A Popular TikTok Challenge To Lure Users Into Installing Malicious Package

Gandalf_The_Grey

  • A trending TikTok challenge called “Invisible Challenge” has the person filming it pose naked while using a special video effect called “Invisible Body.” This effect removes the character’s body from the video, making a blurred contour image of it.
  • Attackers post TikTok videos with links to a fake software called “unfilter” that claims to be able to remove TikTok filters on videos shot while the actor was undressed.
  • Instructions to get the “unfilter” software deploy WASP stealer malware hiding inside malicious Python packages.
  • TikTok videos posted by the attacker reached over a million views in just a couple of days.
  • The GitHub repo hosting the attacker’s code was listed in GitHub’s daily trending projects.
  • Over 30,000 members have joined the Discord server created by the attackers so far and this number continues to increase as this attack is ongoing.
How does an attacker gain so much popularity in such a short time? He earned his status as a trending GitHub project by asking every new member on his server to "star" his project.

The high number of users tempted to join this Discord server and potentially install this malware is concerning.

The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever.

It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity or simply uses a different name.

These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; we believe this trend will only accelerate in 2023.
As we see more and more different attacks, it is critical to expedite the flow of information on these attacks across all parties involved (package registries, security researchers, developers) to protect the open-source ecosystem against those threats.
 

TedCruz

Hackers are exploiting TikTok’s “Invisible Body Challenge” to spread malware that can steal passwords and credit-card details.


A trending challenge on TikTok is encouraging users to film themselves naked, and then use TikTok’s “Invisible Body” filter to replace their body with a blurry background.



The hackers are exploiting this trend by posting videos that offer to remove the filter, tricking people into thinking they will see the naked bodies instead. However, all they will really get in return is a piece of malware that can be used to steal Discord accounts, as first discovered by security firm Checkmarx.


Victims are encouraged to download a piece of software that will supposedly remove the filter. However, the software is fake and all they actually get is a piece of malware called "WASP Stealer (Discord Token Grabber)", which is used to harvest Discord account details, stored credit cards, passwords, cryptocurrency wallets and other computer files, according to security firm CyberSmart.

Personal Input: I wonder what the demographics are on those affected. I would bet my pension that the majority of the infected users are males. :)

Reminds me of my graduate years in college, where I might or might not have used my photonics lab non-linear optics setup to remove the shower window distortion from a bathroom window.
 

TedCruz

TikTok's user base probably exists as the antithesis of those who care about security.
I don't think they would mind if I told them this.
Yeah, but you know there is a very small probability that one of those filter removal things is real! I mean, I haven't been infected in over a decade so I know that I won't be infected now! /sarcasm
 
