Hackers use TikTok hidden object challenge to spread malware
Researchers have revealed that hackers are currently trying to exploit TikTok's hidden challenge to install malware on thousands of devices and steal passwords, Discord accounts, and possibly cryptocurrency wallets.
One popular new TikTok challenge asks users to take a nude photo of themselves while using the service's Invisible Body filter, which removes the body from a video and replaces it with a blurred background.
The challenge resulted in users posting videos of themselves "naked" but with their bodies covered in filters.
To take advantage of the challenge, hackers have posted videos claiming to offer a special filter that would nullify the effects of TikTok's body-masking filter, letting anyone who wants to see challenge participants naked do so.
In reality, the software is fake and installs the WASP Stealer malware, which is capable of stealing Discord accounts, passwords, credit card credentials stored in the browser, cryptocurrency wallets, and even files from the victim's computer.
According to a new report by cybersecurity firm Checkmarx, users whose videos were viewed more than a million times have had their accounts suspended shortly after the videos were posted.
Hackers ask users to access a Discord server to install filters that remove the effects of masking-body filters, and the server reportedly received over 32,000 concurrent visits.
On the server, users see a link to the GitHub repository where the malware is located.
According to security researchers, hackers used a technique called StarJacking to link their GitHub project to another popular project, making their software appear legitimate.
In its report, Checkmarx said the attacks are another example of how hackers are beginning to focus on the open source software ecosystem, a trend that will accelerate in 2023.