Cyber criminals are exploiting a viral TikTok filter by offering a fake 'unfilter' tool that claims to expose the nudity it hides, tricking users into downloading malware that steals their passwords and credit card details. 

The campaign, discovered by software supply chain security firm Checkmarx and still ongoing at the time of its report, targets users taking part in the 'Invisible Challenge' on the video-sharing platform owned by China's ByteDance. 

In that challenge, participants film themselves nude or mostly nude with an 'invisible body' filter applied, which removes their body from the video and leaves only a blurred outline. 


The attackers advertise 'unfilter' software that they claim can strip the filter from TikTok videos and reveal what is underneath. In reality, the 'unfilter' download installs information-stealing malware that harvests passwords, credit card numbers and other personal data from the victim's machine. 

TikTok accounts named @learncyber and @kodibtc posted videos, which earned more than one million views combined, promoting a software app that would 'remove filter invisible body.' 

The videos carried an invite link to a Discord server where the software could supposedly be obtained. 

Users who followed the link were directed to join a Discord server called Space Unfilter, which contained NSFW videos posted by the attackers as bait.

Next, they received a private message from a bot account called Nadeko asking them to visit a GitHub repository hosting the supposed unfilter tool. The malicious code was buried deep inside the project's code rather than being visible in the tool itself. 

According to Checkmarx, once installed the malware harvests passwords, credit card numbers and cryptocurrency wallets. 

The security firm estimates that at least 30,000 users joined the Discord server before it was taken down. 

The challenge itself is popular on TikTok, with the #InvisibleFilter tag currently at more than 25 million views. 

'The high number of users tempted to join this Discord server and potentially install this malware is concerning,' Checkmarx software engineer Guy Nachshon said in a blog post.

'The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever.

'These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; we believe this trend will only accelerate in 2023,' he said. 

Last year, researchers discovered a security flaw in TikTok's 'Find Friends' feature that would have allowed attackers to scrape personal information such as phone numbers, profile avatars and nicknames. 


This post first appeared on Dailymail.co.uk
