Malware, Vulnerability Management, Threat Management

Attackers lure users to install malware via TikTok challenge

A young man holding a smartphone casts a shadow as he walks past an advertisement for social media company TikTok.
Attackers are using a popular TikTok challenge to spread malware, Checkmarx researchers reported. (Photo by Sean Gallup/Getty Images)

Bad actors are taking advantage of a popular TikTok challenge in an attempt to trick users into downloading malware, according to new research from security firm Checkmarx.

The “Invisible Challenge” is when a person poses naked while using a special effect called “Invisible Body,” which makes a blurred contour image of the person’s body, according to a Nov. 28 Checkmarx blog post. The challenge had more than 25 million views for the #invisiblefilter hashtag, noted Checkmarx.

Perhaps appealing to the more prurient curiosity of users on the platform, two TikTok accounts (@learncyber and @kodibtc) posted videos with links to join a Discord server with fake software that claims to be able to remove the filter. Visitors will find a NSFW video claiming to be the result of the software as proof of its authenticity, along with install links for the WASP stealer malware “hiding inside malicious Python packages.” Nearly 32,000 people had joined the Discord server when the Checkmarx researchers posted their report.

Additionally, a bot account sent private messages to users with a request to “star” a GitHub repository for an open-source tool that removes the video effect, the Checkmarx post said. That project, named “420World69/Tiktok-Unfilter-Api,” gained trending status on GitHub.

Checkmarx researchers said the campaign is linked to other malicious Python packages and are keeping track of new updates since they consider it an ongoing attack. The attackers’ packages have been removed, but they quickly improvise and create a new identity or name when the Python security team deletes the malicious packages.

“These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem,” concluded researchers Guy Nachshon and Tal Folkman. “We believe this trend will only accelerate in 2023.”

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.