Science

Software claiming to expose nudes on TikTok installs malware that can steal your passwords and more

Software that claims to unfilter TikToks or expose nudes installs malware that can steal your passwords, credit card numbers, and other sensitive information.

  • Cybercriminals are using the popular Invisible Challenge on TikTok to trick thousands into downloading malware
  • Checkmarx Security alerted users to the attack by clicking on a link that claimed to remove a filter, and display nudity 
  • Instead, they install malicious software onto their smartphones which can then steal their credit card and password information.
  • Checkmarx noted that “the high number of people who were tempted by this Discord server to install this malware are concerning.” 

TikTok is a TikTok filter used by cybercriminals to trick users into downloading malware that can steal their passwords and credit card numbers. 

Security firm Checkmarx discovered the attack and it is still ongoing. It targets users who participate in the “Invisible Challenge” on the video-sharing platform owned China’s ByteDance. 

The challenge is to upload nude or mostly-nude images of yourself on TikTok. After that, apply an invisible filter to remove their bodies from the video. The result is a blurry picture. 

TikTok is a TikTok filter used by cybercriminals to trick users into downloading malware which can steal their passwords and credit card numbers.

The Attack, Which Was Found By Security Firm Checkmarx And Is Still Ongoing, Preys On Users Who Take Part In The 'Invisible Challenge' On The Video-Sharing Platform Owned By China'S Bytedance

Security firm Checkmarx discovered the attack and it is still ongoing. It targets users who participate in the “Invisible Challenge” on the video-sharing platform owned China’s ByteDance.

They offer users “unfilter” software, which they claim can remove the TikTok filter. The ‘unfilter” download is actually a collection of malware that can steal passwords and credit cards, as well as other personal information. 

@learncyber, @kodibtc uploaded videos to TikTok which had more than 1,000,000 views each. They were promoting a software program that would’remove the filter invisible body’ 

The invite link to Discord was included in the videos to allow you to access the software. 

After Clicking the link takes users to a Discord server called Space Unfilter, where there are NSFW videos that can be viewed.

The bot account Nadeko sends them a private message asking them to join a GitHub repository. This is where the malware is stored deep within the program’s code. 

Checkmarx claims that this malware can then be used to steal passwords and credit card numbers as well as cryptocurrency wallets. 

According to digital security firm, Discord was used by at least 35,000 people before it was removed. 

TikTok’s challenge has been popular, with over 25,000,000 views at the moment. #InvisibleFilter tag. 

Guy Nachshon, Checkmarx software engineer, stated that he was concerned by the high number of people who might be tempted to join Discord servers and install malware. blog post

“The amount of manipulation that software supply chain attackers use is increasing as the attackers get more clever.

He said that these attacks again demonstrate that cyber attackers have begun to focus their attention upon the open-source ecosystem. This trend is expected to accelerate in 2023. 

Researchers discovered last year that TikTok’s “Find Friends” feature had a security flaw that could have allowed hackers access to personal information like phone numbers, avatars, and nicknames. 

According To Checkmarx, That Malware Can Then Harvest Passwords, Credit Card Numbers And Cryptocurrency Wallets. The Digital Security Firm Estimates That At Least 30,000 Users Joined The Discord Server Before It Was Taken Down

Checkmarx claims that this malware can then be used to steal passwords and credit card numbers as well as cryptocurrency wallets. According to the digital security firm, at least 30,000 people joined Discord before it was shut down.

'These Attacks Demonstrate Again That Cyber Attackers Have Started To Focus Their Attention On The Open-Source Package Ecosystem; We Believe This Trend Will Only Accelerate In 2023,' He Said

He said, “These attacks have again demonstrated that cyber attackers are starting to focus on the open source package ecosystem; We believe that this trend will only accelerate from 2023.”

Show More

Jacky

The author of what'snew2day.com is dedicated to keeping you up-to-date on the latest news and information.

Related Articles

Back to top button