The Invisible Challenge on the short-form video hosting platform TokTok could be harmful, according to the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), which revealed that it exposes devices to information-stealing malware.
According to a NCC-CSIRT advisory, threat actors have used the Invisible Challenge, a popular TikTok challenge, to spread the WASP (or W4SP stealer) malware, which steals information.
The WASP stealer is persistent malware hosted on Discord that its creator claims is undetectable and has a high probability of causing critical damage.
According to the warning, “The Invisible Challenge entails surrounding a presumedly naked person with a body contouring filter that is partly translucent. Attackers are posting videos to TikTok that contain a link to a piece of software they claim can undo the effects of the filter.
“The WASP stealer is spread to anyone who click on the URL and try to download the program known as “unfilter.” Over a million views on suspended accounts were accumulated after the videos were first posted with a link. The “Space Unfilter” Discord server can be reached by clicking the link. It once had 32,000 users, but its creators have since deleted it.
The malware will be able to gather keystrokes, screenshots, network activity, and other data from devices where it is installed if the installation is successful. Additionally, it might stealthily keep track of user activity and gather Personally Identifiable Information (PII), such as usernames and passwords, keystrokes from emails and chat applications, websites visited, and financial activity. This malware may have the ability to secretly take screenshots, record videos, or turn on any attached camera or microphone, according to the statement.
According to the Team, avoiding clicking on suspicious links, using anti-malware software on your devices, checking the app tray and removing any apps you do not recall installing or that are inactive, and adopting good password hygiene practices like using a password manager are some ways to thwart such an attack.
The NCC established the CSIRT as the telecom industry’s cyber security incident center to focus on incidents that may have an impact on telecom users and the general public.
The Federal Government established the Nigerian Computer Emergency Response Team (ngCERT) to reduce the frequency of future computer risk incidents by preparing, safeguarding, and securing Nigerian cyberspace to prevent attacks, problems, or related events. The CSIRT also collaborates with ngCERT.