This TikTok Thirst Trap Dupes Users Into Downloading Malware

The so-called “unfilter” software installs hidden malware capable of stealing passwords, credit cards, and other personal data.

 

In a new malware attack, digital thieves are exploiting horny TikTok viewers' desire for nude images. The attack, revealed by Checkmarx researchers, entices users by offering to remove a filter used by TikTokers participating in the "Invisible Challenge." 

Users who participate in the challenge upload nude or mostly nude images of themselves to TikTok and then use an invisibility filter to remove their bodies from the video, leaving only a ghostly blurry image in their wake. Preying on viewers' curiosity, the attackers offer "unfilter" software that claims to be able to remove the filter. In reality, that "unfilter" download contains malware capable of stealing passwords, credit card information, and other private details.

The Checkmarx report describes attackers who posted their own TikTok videos promoting software that they claimed could remove the invisibility filter. These videos contained links to a Discord server where users could download the files. That server, dubbed "Space Unfilter," contained nude images uploaded by the attackers as proof that the unfilter tools work.

Users who download the software expecting to see boobs inadvertently install "WASP Stealer" malware hidden in a Python package. That malware is said to be capable of stealing a wide range of personal information, from credit card numbers and cryptocurrency wallets to Discord account information. Checkmarx estimates that over 30,000 people joined the Discord server before it was shut down.

“The high number of users tempted to join this Discord server and potentially install this malware is concerning,” Checkmarx Software Engineer Guy Nachshon said in a blog post. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; we believe this trend will only accelerate in 2023.”

The Invisible Challenge, which depends on a filter that acts as a type of green screen by matching a user's skin tone to their background, has been around for a while but has recently gained traction. The #invisiblefilter tag had over 27 million views at the time of writing. With all of the attention, the challenge becomes a breeding ground for attackers looking to catch pervy users with their pants down.

“By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it,” Cybersmart CEO and co-founder Jamie Akhtar said in an interview with Forbes. “Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”