TikTok Invisible Body Challenge Trend Abused to Drop Malware

The newest trend on TikTok, the Invisible Body Challenge, is being abused by cybercriminals to spread WASP info-stealing malware. This malware is capable of stealing a trove of data from a targeted device including cryptocurrency wallets, files, Discord login credentials, payment card data, passwords, etc.

What is TikTok’s Invisible Body Challenge

The Invisible Body Challenge on TikTok features a filter that acts as a green screen, and your skin tone matches the background. The result is that only your body is rendered, and clothing is visible. The #invisiblefilter tag on TikTok has over 27 million views to date, making the trend extremely popular.

TikTok Invisible Body Challenge Trend Abused to Drop Malware — Screengrab: Hackread.com

The Invisible Body Challenge is similar to TikTok’s Silhouette Challenge, in which users have to dance to the background while attempting to show off their curves in red lights.

Following the popularity of the Silhouette Challenge, many questioned whether it was possible to remove the filter from videos and see the original clip without the filter. Simply put: If it was possible to see the person’s NSFW clips.

Many are wondering the same thing in the Invisible Body challenge. However, since cybercriminals are a step ahead, a threat actor is claiming to offer “Unfilter,” a malicious software developed to supposedly remove the TikTok filter and let users see the video creator without any clothing.

Once the software is installed on a device, it starts sending the victim’s information to a remote server accessible to cybercriminals.

Growing Popularity of The “Unfilter” Software

In a Medium blog post, Guy Nachshon of Checkmarx stated that the attack is ongoing. Additionally, the threat actors behind the malware scam have created a Discord server where they claim to demonstrate how to use the “Unfilter” software.

What’s worse, the demo videos have received millions of views, while the server has been joined by a whopping 30,000 people, and the number is growing.

TikTok and Malware

TikTok has over one billion registered users, and the number is expected to reach 1.8 billion by the end of 2022. These stats not only make TikTok a social network giant, but also a lucrative target for cybercriminals.

In September 2020, In September 2020, TikTok users with followers exceeding 350,000 were found to be promoting adware applications through the platform. In the case of the Invisible Body Challenge, two TikTok users, reportedly @learncyber and @kodibtc, published videos on TikTok to promote the malicious Unfilter software.

What’s shocking is that these videos also contained the direct invite link to the Discord server set up by the scammers. At the time of writing, both accounts had been removed from TikTok.

In a comment to Hackread.com, Rick McElroy, Principal Cybersecurity Strategist at VMware said that,

“Given the user base of TikTok, this type of activity is not shocking.” “This reminds me of the aging app that many people used and the data wound up in Russia,” added Rick.

Rick also warned that users especially the youth should not trust third-party apps and should be aware of how much access TikTok has to their data and mobile device based on their end-user license agreement (EULA) and make smart choices when it comes to privacy and security.”

TikTok Users Beware!

The best defense against such scams is common sense. However, since the attack is ongoing, TikTokers are urged to be on the lookout and keep their app up-to-date with the latest security updates. This will help ensure that any vulnerabilities in the system have been patched so that they no longer pose a threat to users.

Nevertheless, be aware of suspicious links or messages sent through direct messages or group chats; malware is typically spread through these types of communication channels. It’s best to avoid clicking on any suspicious links and never download files that you don’t trust or recognize as coming from a trusted source.