There is no shortage of TikTok trends out there. Some of them are entertaining, while others are borderline insane. One of these trends is the "Invisible Body" challenge, in which users film themselves with a filter that makes the body invisible and allegedly take off their clothes.
Hackers claim to have software that removes the filter, but it actually just contains the WASP Stealer malware.
Exploiting the Filter
The threat actors created TikTok videos as well, claiming that there is software that can eliminate the filter, exposing the unclothed person behind it. The videos have been viewed over a million times. The users who go by @learncyber and @kodibtc have already been suspended, but not before gathering around 30,000 members in their Discord servers.
A link posted on the server leads to a GitHub repository where the malware is stored. The repository gained so much attention that it managed to become a "trending GitHub project," with 103 stars and 18 forks, according to Bleeping Computer. According to reports, the repository has already been renamed.
The Malware
The Python package that the campaign led many to download went by many names, including "tiktok-filter-api," "pyshfuler," and "pyiopcs." Although the package has already been reported, reports say that the malware was moved to the requirements.txt file.
The hackers are relentless, creating new identities and files every time the files that held the malware were taken down, as mentioned in The Record. The project files appear to include a Windows batch file (.bat) that, once executed, installs the WASP downloader, along with a ReadMe file instructing victims, through a YouTube video, on how to install the tool supposedly used to remove the filter.
The threat actors also link the campaign to a better-known GitHub project to make the malware-containing file appear more trustworthy. The WASP Stealer malware is capable of stealing many kinds of private data, including Discord accounts, passwords, credit card details in browsers, cryptocurrency wallets, and personal files on the victim's computer.
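A defensive check for the requirements.txt point above, as an added example that is not from the original article or from the researchers it cites: it scans a requirements file for the three package names reported here, normalizing names the way pip does (PEP 503) so spelling variants still match. The function names and the sample file are constructed for illustration.

```python
import re

# Package names reported in the article; already in PEP 503 normalized form.
REPORTED_NAMES = {"tiktok-filter-api", "pyshfuler", "pyiopcs"}

_NAME_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)")
_EGG_RE = re.compile(r"[#&]egg=([A-Za-z0-9][A-Za-z0-9._-]*)")
_URL_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")

def normalize(name):
    """PEP 503: lowercase, and runs of '-', '_' or '.' collapse to one '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line):
    """Return the normalized project name on one requirements line, or None."""
    # pip treats '#' as a comment only at line start or after whitespace,
    # so the '#egg=' fragment of a VCS URL survives this step.
    line = re.sub(r"(^|\s)#.*$", "", line).strip()
    if not line:
        return None
    egg = _EGG_RE.search(line)
    if egg:
        return normalize(egg.group(1))
    if line.startswith("-") or _URL_RE.match(line):
        return None  # option line (-r, --index-url, ...) or bare URL without a name
    m = _NAME_RE.match(line)
    return normalize(m.group(1)) if m else None

def scan_requirements(text):
    """Return (line_number, raw_line, name) for each line naming a reported package."""
    hits = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        name = requirement_name(raw)
        if name in REPORTED_NAMES:
            hits.append((lineno, raw.strip(), name))
    return hits

# Constructed sample input, not taken from any real repository.
SAMPLE = """\
# constructed sample requirements.txt
requests>=2.28
TikTok_Filter.API==1.0.2   # spelling variant of a reported name
pyshfuler[extra] ; python_version >= "3.8"
-r other-requirements.txt
git+https://example.invalid/repo.git#egg=pyiopcs
numpy  # pyiopcs mentioned only in a comment
"""

if __name__ == "__main__":
    for lineno, raw, name in scan_requirements(SAMPLE):
        print(f"line {lineno}: {name!r} is a reported package name -> {raw}")
```

A clean result only means none of these three names appear; the article notes that the actors rename their packages after each takedown, so the set needs updating as new names are reported.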
Although the hackers kept shifting the location of the files after being flagged, they had gathered around 32,000 members on Discord at one point. Checkmarx expressed its concern about the growing number of cyberattacks in which hackers are leaning toward the open-source package ecosystem.
It said that this would accelerate by 2023. The campaign also shows how difficult it is to remove malware from the Internet, as the threat actors simply change their identities and the file names to continue their work. The bottom line is that users need to be more careful about the tools they find on the Internet, especially when such tools are offered at a time when a lot of people are looking for them.
With the emergence of several platforms on which threat actors can spread malware at a wider scale, it's important to be vigilant and have proper security measures like an antivirus.