Social Media

This Popular TikTok Trend is Spreading Malware to Phones

Checkmarx research shows that threat actors use a Popular TikTok Trend challenge to get people to download software that steals information.

This trend is call the “Invisible Challenge,” It uses a filter called “Invisible Body,” which only shows the person’s silhouette.

But the fact that people in these videos might be naked led to a bad plan where attackers post TikTok clips with links to fake software called “unfilter,” which claims to remove filters.

“Instructions to get the “unfiltered” software hide WASP stealer malware inside malicious Python packages,” Checkmarx researcher Guy Nachshon said in an analysis on Monday.

WASP Stealer, also called W4SP Stealer, is a malware design to steal passwords, Discord accounts, and cryptocurrency wallets.

On November 11, 2022, more than a million people watched the TikTok videos of the attackers @learncyber and @kodibtc. Now, their accounts have been take away.

Indian Student Confesses Real Reason for Crashing a Wedding [Video]

Popular TikTok Trend

The video also has an invitation link to a server on Discord that the enemy ran. Before it was report and shut down, this server had almost 32,000 users. After joining the Discord server, victims got a link to a GitHub repository that hosted the malware.

Since then, the attacker has changed the name to “Nitro generator,” but not before it made it onto GitHub’s Trending repository lists for November 27, 2022. He also asked people on Discord to give the project a star.

The person who made the threat also changed the repository’s name and added new files to the project. “It’s open source, and it’s not a virus,” they said about the updated Python source code. Now, the GitHub account has been take away.

The code for the stealer was in several Python packages, such as “tiktok filter-api,” “pyshftuler,” and “pydesings.” When these packages were remove, the operators put up replacements on the Python Package Index (“PyPI”) with different names.

Noted Nachshon:

The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever. These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem.

 Nestle Fake Verified Account Spoiling The Brand Reputation Using Twitter $8 Subscription

Iqra Kanwal is Getting Engaged, Reveals Fiancé Face

Sidra Asim

Recent Posts

BISE Lahore Class 9, Matric Exam Dates revealed; details inside

Since the exams will take place during Ramadan in the next year, the Punjab Board…

2 weeks ago

Lahore Punjab college students protest against rape of student by security Guard

Students at Punjab College in Lahore staged protests in response to a student's rape, calling…

2 months ago

Sea View Karachi – Location, Attractions, and Much More

Sea View Karachi: Whether in Karachi for business or pleasure, you must visit the coastline…

6 months ago

Everything You Need to Know About Joyland Lahore

Joyland Lahore, Pakistan\'s largest amusement park, offers a wide variety of rides for visitors of…

6 months ago

10 Places To Find The Best Hotpot In Karachi

The hotpot trend has swept the food industry. Since its introduction two years ago, Pakistanis…

6 months ago

Ducky Bhai Response On Wife Deep Fake AI Video

Ducky Bhai Response On Wife Deep Fake AI Video: Ducky Bhai, also known as Saad…

8 months ago