The Invisible Filter Challenge is currently trending on TikTok, with over 27 million views for the #invisiblefilter hashtag. The challenge involves TikTokers recording themselves naked while using TikTok’s “Invisible Body” filter, which replaces their nude body with a blurred outline. Attackers exploiting the trend claim their “unfilter” tool can remove the filter and reveal the naked bodies of TikTokers. However, according to UK cybersecurity company CyberSmart, the tool is actually malware known as WASP Stealer. The malware allows attackers to access victims’ Discord account details, passwords, crypto wallets, credit card data, and other files on their devices.
Videos Promoting ‘Unfilter’ Have Over 1 Million Views
Checkmarx said two TikTok users, @learncyber and @kodibtc, posted videos on TikTok promoting the malicious app. The videos, which have over one million combined views, contain Discord invite links. If a user clicks on the link, they are invited to join the ‘Space Unfilter’ Discord server. The server, which reportedly has over 30,000 members, contains NSFW videos uploaded by the attackers as proof that their “unfilter” tool works. According to Checkmarx, a bot account called Nadeko automatically sends new users a private message requesting they star the GitHub repository hosting the app. As a result, the GitHub repository has 103 stars and 17 forks, lending legitimacy to the app. In fact, the repository is a trending GitHub project. However, a close inspection of the repository shows that it contains a malicious payload.
The WASP Malware
Checkmarx found that files in the “unfilter” tool contain the WASP malware execution code. The malware was reportedly created in October. This month, other cybersecurity companies, including Check Point and Phylum, have reported their findings on WASP, which is spread through malicious Python packages. The malware harvests information from victims’ devices and sends it to the attackers through a hard-coded Discord webhook address. The malware developer is reportedly selling WASP for $20 and accepts payment via crypto or gift cards.
According to Checkmarx, the attackers exploiting WASP to snare TikTok users have repeatedly reinvented themselves to keep the attack alive. “It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity or simply uses a different name,” Checkmarx explained. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; we believe this trend will only accelerate in 2023.”
To learn how to protect yourself from such malware, we recommend reading our article on Trojans. We also recommend reading about BloodyStealer, malware that targets gaming platforms.
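The hard-coded Discord webhook address mentioned above is something a defender can look for before running code from an unfamiliar repository. The following Python example is added here for illustration and is not code from Checkmarx or from the malware; it parses Python source and flags webhook URLs in string literals. The webhook ID and token in the sample are constructed placeholders, and the base64 check is an assumption that goes beyond what the article states about WASP.

```python
import ast
import base64
import binascii
import re

# Discord webhook URLs look like https://discord.com/api/webhooks/<id>/<token>;
# the legacy discordapp.com host and canary/ptb subdomains are matched as well.
WEBHOOK_RE = re.compile(
    r"https://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+", re.I)

def _candidates(text):
    """Yield the literal itself and, if it is valid base64, its decoded form."""
    yield "plain", text
    compact = text.strip()
    if len(compact) >= 16 and len(compact) % 4 == 0:
        try:
            decoded = base64.b64decode(compact, validate=True)
            yield "base64", decoded.decode("utf-8", "ignore")
        except (binascii.Error, ValueError):
            pass

def find_webhooks(source, filename="<memory>"):
    """Return (filename, line, encoding, url) for webhooks in string literals."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            value = node.value
            if isinstance(value, bytes):
                value = value.decode("utf-8", "ignore")
            for encoding, text in _candidates(value):
                for match in WEBHOOK_RE.finditer(text):
                    hits.append((filename, node.lineno, encoding, match.group(0)))
    return sorted(hits, key=lambda h: h[1])

# Constructed sample: placeholder webhook id and token, not from any real malware.
FAKE_URL = "https://discord.com/api/webhooks/123456789012345678/EXAMPLE-token_placeholder"
SAMPLE = (
    "import os\n"
    f"HOOK = '{FAKE_URL}'\n"
    f"ALT = '{base64.b64encode(FAKE_URL.encode()).decode()}'\n"
    "DOCS = 'https://discord.com/developers/docs'\n"
)

if __name__ == "__main__":
    for hit in find_webhooks(SAMPLE, "sample.py"):
        print(*hit)
```

A hit is a reason to review the file manually, since legitimate bots also use webhooks; the absence of hits does not show that a package is safe.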