Hackers are exploiting this new TikTok craze to push malware

Password
(Image credit: reklamlar)

Cybercriminals have struck gold with a malware distribution campaign leveraging a TikTok challenge and the ground-breaking promise of seeing people naked on the internet to wreak havoc. 

The "Invisible Body" challenge involves users recording their naked bodies on video, and then using a TikTok filter to remove it from the video and replace it with a blurry background. The malware in question claims to remove the filter.

Like many TikTok challenges, this one became popular quite quickly, with the hashtag #invisiblebody having more than 24 million views. Similarly, the GitHub repository used to distribute the malware rose to the top of its list of trending repositories.

Fake videos

However, cybercriminals were quick to capitalize on it, creating videos that promote a way to remove the filter and view the original, unedited clip. 

In the description of the video was a link to a Discord server where users are directed to a second link, leading to GitHub. There, users are told they can download the “unfiltering” filter which is actually the WASP Stealer (Discord Token Grabber) malware.

This tool steals people’s Discord accounts, passwords, credit card information saved in browsers, cryptocurrency wallets, and even people’s files. 

According to BleepingComputer, just two videos promoting the fake tool were viewed more than a million times, and one Discord server has amassed over 30,000 people. A simple Google search for the keywords “Invisible Body TikTok” now serves up dozens of videos promoting fake filter removal tools. 

WASP is hosted on GitHub, and soon after the videos hit the web, it achieved the status of “trending GitHub project”. 

Both GitHub and TikTok were quick to remove the accounts promoting the scheme from their platforms. However, the threat actors seem to have made a quick return, using different account and project names. 

Via: BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
botnet
YouTubers targeted by blackmail campaign to promote malware on their channels
A white padlock on a dark digital background.
GitHub is hiding malware disguised as games, legitimate software
Trojan
Hackers hide malware into website images to go unnoticed
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Fake Reddit sites found pushing Lumma Stealer malware
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
DeepSeek
Fake DeepSeek installers are infecting your device with dangerous malware
AI tools.
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
Latest in News
A image of Saros character Arjun
Housemarque’s boss is surprisingly positive about Sony’s acquisition – and it’s good news for Saros
Oura Ring 4
One of Apple's top health execs is ditching the company for Oura, and I've never been more convinced smart rings are the future
Nvidia logo
Nvidia RTX 5060 Ti could be delayed to mid-April and RTX 5060 to mid-May – is AMD starting to look like a clear winner in the battle of Blackwell vs RDNA 4 GPUs?
The A Minecraft Movie Meal from McDonald's.
McDonald's reveals A Minecraft Movie meal with a bizarre set of collectibles and the most sinister sounding sauce ever
Apple iPhone 16e REVIEW
The iPhone 16e’s 5G performance seemingly has the iPhone 16’s beat
Assassin's Creed Shadows
I was already sold on Assassin's Creed Shadows on PS5 Pro, but now the devs are teasing that the game will soon get a boost from PSSR