A new scam via TikTok is being applied through a challenge called “Invisible Challenge”, in which the user records a naked video and uses the Invisible Body filter (Invisible Body) so that the body becomes invisible and only appears the outline of the person.
The “Invisible Challenge” has gained a lot of popularity recently. On TikTok, the #invisiblefilter tag has over 25 million views.
The popularity of this challenge on TikTok led cybercriminals to create a way to remove the “Invisible Body” effect so that Internet users’ bodies appear naked, that is, as the video was originally recorded.
More than 30,000 members joined the Discord server this was being publicized.
This campaign involves criminals creating videos for the “Invisible Challenge” with a link that leads to a server on Discord where criminals make the Unfilter software available, capable of removing the effect of the Invisible Body filter.
The discovery was made by Checkmarx researchers, which in addition to revealing malicious users participating in the challenge, showed that Unfilter also installs malware capable of stealing data.
“The instructions for obtaining the ‘Unfilter’ software deploy the WASP thief malware hidden inside malicious Python packages,” said Guy Nachshon, researcher at Checkmarx.
As reported by Bleepingcomputer, the user who installs the Unfilter has the device invaded by the malware “Wasp Stealer Discord Token Grabber”, which steals Discord accounts, passwords and credit cards stored in browsers, cryptocurrency wallets and computer files.
Two TikTok users @learncyber and @kodibtc were responsible for promoting Unfilter in videos posted on November 11th. The two malicious accounts are estimated to have reached over a million views. Both accounts have already been suspended.
Have you watched our new videos on YouTube🇧🇷 Subscribe to our channel!