TikTok: NCC Claims Challenge On Social Media Platform Circulates Info-Stealing Malware
The Nigerian Communications Commission’s Computer Security Incident Response Team has warned about the potential harm of taking part in the ‘Invisible Challenge’ on short-form video hosting service, TikTok, revealing that it exposes devices to Information-Stealing Malware.
An NCC-CSIRT advisory on Tuesday, shared by the Director, Public Affairs, NCC, Reuben Muoka, said threat actors had taken advantage of a viral TikTok challenge, known as the Invisible Challenge, to disseminate an information-stealing malware known as the WASP (or W4SP) stealer.
The WASP stealer, which is high in probability with critical damage potential, is a persistent malware hosted on discord that its developer claim is undetectable.
ALO READ: Half Of Gen Z Search Internet Using TikTok, Instagram Instead Of Google
The advisory said;
The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.
ALSO READ: Lagos State Partners TikTok To Regulate Digital Content
The statement reads further;
Those who click on the link and attempt to download the software, known as “unfilter,” are infected with the WASP stealer.
Suspended accounts had amassed over a million views after initially posting the videos with a link.
Following, the link leads to the “Space Unfilter” Discord server, which had 32,000 members at its peak but has since been removed by its creators.
The concluding part of the explanation reads;
Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed.
It may also covertly monitor user behaviour and harvest Personally Identifiable Information, including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity.
This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone