The Invisible Challenge on the short-form video sharing platform TokTok could be harmful, according to the Nigerian Communications Commission's Computer Security Incident Response Team (NCC-CSIRT), which revealed that it exposes devices to information-stealing malware.
According to an NCC-CSIRT advisory, threat actors have used the Invisible Challenge, a popular TikTok challenge, to spread the WASP (or W4SP stealer) malware, which steals information.
The WASP stealer is persistent malware hosted on Discord that its creator claims is undetectable and has a high possibility of causing severe damage.
According to the warning, “The Invisible Challenge entails surrounding a presumedly naked person with a body contouring filter that is partly translucent. Attackers are posting movies on TikTok that contain a link to a piece of software they claim may undo the effects of the filter.
“The WASP stealer is spread to anyone who click on the URL and try to download the program known as “unfilter.” Over a million views on suspended accounts were accumulated after the videos were first posted with a link. The “Space Unfilter” Discord server can be reached by clicking the link. It once had 32,000 users, however its developers have since deleted it.
The malware will be able to gather keystrokes, screenshots, network activity, and other data from devices where it is installed if the installation is successful. Additionally, it might stealthily keep track of user activities and gather Personally Identifiable Information (PII), such as usernames and passwords, keystrokes from emails and chat applications, websites visited, and financial activity. This malware may have the potential to secretly take screenshots, record videos, or turn on any attached camera or microphone, according to the statement.
According to the Team, avoiding clicking on suspicious links, using anti-malware software on your devices, checking the app tray and removing any apps you do not recall installing or that are inactive, and adopting good password hygiene practices like using a password manager are some ways to thwart such an attack.
The NCC established the CSIRT as the telecom industry's cyber security incident center to focus on occurrences that may have an impact on telecom users and the general public.
The Federal Government formed the Nigerian Computer Emergency Response Team (ngCERT) to lower the frequency of future computer risk incidents by planning, safeguarding, and securing Nigerian cyberspace to prevent assaults, difficulties, or related events. The CSIRT also collaborates with ngCERT.