Popular TikTok Challenge
Threat actors are leveraging a popular TikTok challenge to lure users into installing information-stealing spyware, according to research by Checkmarx.
This fad is known as the Invisible Challenge and involves the use of the Invisible Body filter, which leaves just a silhouette of the subject.
Publish TikTok Films
The prospect that persons in such videos may be nude, however, has led to a malicious scheme in which attackers publish TikTok films with links to fraudulent software dubbed “unfilter,” which purports to remove imposed filters.
“Instructions to get the ‘unfilter’ software deliver WASP stealer malware concealed within malicious Python packages,” Checkmarx researcher Guy Nachshon stated in an investigation published on Monday.
WASP Stealer
The virus known as WASP Stealer (also known as W4SP Stealer) is meant to steal passwords, Discord accounts, and cryptocurrency wallets.
Read More | Why Hareem Shah is so Famous
Read More | Shehzad Roy Denies Anti-aging Claims, Says He Isn’t a Vampire
TikTok Videos of Attackers @learncyber and @kodibtc
On November 11, 2022, the TikTok videos of the attackers @learncyber and @kodibtc were seen over one million times. Now, their accounts have been deleted.
Malware-Hosting GitHub Repository
The video also offers an invitation link to an adversary-managed Discord channel. This server had around 32,000 users prior to being reported and deactivated. After joining the Discord server, victims received a link to the malware-hosting GitHub repository.
Since then, the attacker has changed the repository to “Nitro generator,” but not before it appeared on GitHub’s Trending repository listings on November 27, 2022. Additionally, he requested Discord users to star the project.
Additionally, the threat actor altered the repository’s name and uploaded new files. Even the modified Python source code was touted as “open-source and not a virus.” Now, the GitHub account has been deleted.
Python Package Index
The stealer malware was embedded in a number of Python packages, including “tiktok filter-api,” “pyshftuler,” and “pydesings,” with operators submitting replacements to the Python Package Index (“PyPI”) under alternative names after the original packages were deleted.
As attackers get more intelligent, the degree of manipulation employed by software supply chain attackers grows. These assaults are more evidence that cybercriminals have begun to target the open-source package ecosystem.