Info-stealing malware is spreading on New TikTok Challenge, according to NCC
Nigerians have been warned by the Nigerian Communications Commission (NCC) about the dangers of participating in the “Invisible Challenge” on the video-hosting platform TikTok.
Reuben Muoka, Director, Public Affairs, NCC, shared an alert from the NCC's Computer Security Incident Response Team, NCC-CSIRT, on Tuesday, December 6. It stated that hackers had used the Invisible Challenge, a popular TikTok challenge, to spread the WASP (or W4SP) stealer, an information-stealing malware.
The WASP stealer is persistent malware hosted on Discord that its creator claims is undetectable and has a high possibility of causing severe damage.
The warning stated, “The Invisible Challenge is surrounding a supposedly naked person with a body contouring filter that is slightly transparent. Attackers are posting movies on TikTok that contain a link to a piece of software they claim may undo the effects of the filter.
“The WASP stealer is spread to anyone who click on the URL and try to download the program known as “unfilter.” Over a million views on suspended accounts were accumulated after the videos were first posted with a link. The following link will take you to the “Space Unfilter” Discord server, which peaked at 32,000 users before being shut down by its founders.
The malware will be able to gather keystrokes, screenshots, network activity, and other data from devices where it is installed if the installation is successful. Additionally, it may stealthily observe user behavior and gather personally identifiable data, such as usernames and passwords, keystrokes from emails and chat applications, websites visited, and financial activities.
This malware may have the potential to secretly take screenshots, record videos, or turn on any attached camera or microphone, according to the statement.
According to the advisory, avoiding clicking on suspicious links, using anti-malware software on your devices, checking your app tray and removing any apps you don't remember installing or that are dormant, and adopting good password hygiene practices like using a password manager are some ways to thwart such an attack.