The Invisible Challenge on the short-form video hosting platform TikTok can expose devices to information-stealing malware, according to the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT).
According to an NCC-CSIRT advisory, threat actors have used the Invisible Challenge, a popular TikTok challenge, to spread the WASP (or W4SP stealer) malware, which steals information.
The WASP stealer is persistent malware hosted on Discord that its creator claims is undetectable and has a high possibility of causing severe damage.
According to the warning, “The Invisible Challenge entails surrounding a presumably naked person with a body contouring filter that is partly translucent. Attackers are posting movies to TikTok with a link to a piece of software they claim will undo the effects of the filter.
“The WASP stealer is spread to anyone who click on the URL and try to download the program known as “unfilter.” Over a million views on suspended accounts were accumulated after the videos were first posted with a link. The “Space Unfilter” Discord server can be reached by clicking the link. It once had 32,000 users, however its developers have since deleted it.
The malware will be able to gather keystrokes, screenshots, network activity, and other data from devices where it is installed if the installation is successful.
Additionally, it might stealthily keep track of user activities and gather Personally Identifiable Information (PII), such as usernames and passwords, keystrokes from emails and chat applications, websites visited, and financial activity.
This malware may have the potential to secretly take screenshots, record videos, or turn on any attached camera or microphone, according to the statement.
According to the Team, avoiding clicking on suspicious links, using anti-malware software on your devices, checking your app tray and removing any apps you don’t remember installing or that are dormant, and adopting good password hygiene practices like using a password manager are some ways to thwart such an attack.
The NCC established the CSIRT as the telecom industry’s cyber security incident center to focus on occurrences that may have an impact on telecom users and the general public.
The Federal Government formed the Nigerian Computer Emergency Response Team (ngCERT) to prepare, safeguard, and secure Nigerian cyberspace against assaults, issues, or related occurrences. The ngCERT and the CSIRT collaborate to lower the volume of future computer risk incidents.