A new challenge is currently breaking audience records on TikTok: the “Invisible Body”. Problem, its popularity has attracted the greed of hackers, who use it as a springboard to push credulous users to download their malware. Once installed, it will steal a lot of sensitive information, including Discord IDs.
If you happen to scroll on TikTok, you probably haven’t missed this impressive new filter, capable of hiding the body of its user to leave only his clothes floating in the air. As you might expect, it didn’t take long before some had fun removing all their clothes in front of the camera to completely disappear from the picture. Thus was born the “Invisible Body” challenge.
However, a mild understatement would be to say that not everyone has good intentions on the Internet. Many TikTok users want to take advantage of this challenge to contemplate naked bodies. Sometimes to the point of falling directly into the trap set by pirates. This is revealed by a recent report from Checkmarx, which discovered a whole scheme based on this TikTok challenge.
On the same subject: TikTok is singled out by Arcom for its lack of transparency towards fake news
No, this software does not allow you to see naked bodies on TikTok
Checkmarx researchers have thus discovered two videos posted on the Chinese social network, counting alone more than a million views. The latter claim to promote software that allows you to see naked bodies hidden by the famous TikTok filter. To download it, targets must go to a dedicated Discord server. At the time of the study, the latter already had more than 32,000 members.
On the same subject – TikTok: 4 teenagers killed in a car accident after participating in the “Kia Challenge”
Victims are then greeted by a bot that redirects them to a GitHub repository. Of course, the so-called software that is downloaded there contains malware, called WASP Stealer. The latter is capable of stealing a lot of sensitive information, including the victim’s Discord identifiers, which hackers then use to spread other scams on the platform, but also bank details and crypto wallets.
“These attacks demonstrate yet again that hackers are now turning their attention to the open-source package ecosystem. We believe this trend will only accelerate in 2023.”, writes Checkmarx. The method is so effective that the malicious GitHub repository has been trending for some time on the site.