According to cybersecurity company Checkmarx, researchers found two TikTok videos posted by the attackers that boast of over a million views combined. They claim that hackers are using this popular TikTok challenge to install virus and password stealers in TikTok users’ devices.
How the hack works
Hackers are taking advantage of this TikTok trend by posting videos that claim to offer to remove the filter. These videos trick people into believing that they will see naked bodies instead. They claim that the software they will download will offer a special “unfiltering” filter that will remove TikTok’s body masking effect and expose the TikTokersnude bodies.
However, this software is fake and installs the “W.A.S.P. Stealer (Discord Token Grabber)” malware, capable of stealing Discord accounts, passwords and credit cards stored on browsers, cryptocurrency wallets, and even files from a victim’s computer.
The now-suspended TikTok users @learncyber and @kodibtc offered the software app to “take away clear out invisible frame” on a Discord server named “Space Unfilter.” The attack has reportedly been so successful that the malicious repository has achieved a “trending github undertaking” status, and while it has since been renamed, it currently has 103 stars and 18 forks.
Not the first time, the list is long
This is not the first time that a popular/trending challenge on TikTok is being used by cybercriminals to dupe users. From time to time, there has been a dangerous trending challenge on TikTok. Other names include “Tide Pods Challenge,”Milk Crate Challenge“, “Cha Cha Slide Challenge”, “Penny Challenge,Burning Pile Challengeand plenty of others.