TikTok Challenge Encourages Mischievous Behavior With Malicious Malware
By: Jim Stickley and Tina Davis
January 16, 2023
To say that TikTok is a global phenomenon is to drastically understate the popularity of this social media platform. With over 1 billion users spread across 154 countries, it is highly unlikely that cybercriminals would ignore the potentially fertile ground of TikTok for long; and this has proven to be the case.
Threat actors are using the popular TikTok “Invisible Challenge” to encourage users to download information-stealing malware, according to researchers from Checkmarx. The challenge requires that users apply a filter that renders their bodies invisible or blurred. However, malicious coders have released videos with links to “unfiltering” software that they claim will remove TikTok’s filters and reveal the naked bodies of those in TikTok videos posted in response to the challenge.
The malicious links are spreading rapidly, unfortunately for those who wish for a sneak peek at TikTok users. There are reports that the videos have received over one million TikTok views in only a few days. The videos were released on November 1st, 2022.
What happens if you decide to be a little mischievous? Accessing the instructional videos related to the non-existent unfiltering software deploys info-stealing malware.
The video contains a link inviting the user to click. It sends them to a Discord server named “Unfilter Space,” which is controlled by the attackers. Once users join the server, they receive a link to the GitHub repository that hosts the malware. Analysts have reported that 32,000 members had joined the Discord server prior to it being deleted. Once this server was deleted, the GitHub repository name was changed to 42World69/Nitro-generator and the scam continued. It is apparent that once a package is deleted, it is almost immediately replaced by one with a different identity, ready to make your money disappear again.
The malicious code takes over the victim’s Discord accounts and allows access to passwords, crypto wallets, and credit card details. It will also provide bad actors with access to other sensitive data on the target's PC. This data is then forwarded to the attacker.
The malicious action seems to be financially motivated, with the threat actor charging $20 for the malware.
TikTok users should exercise care when accessing information of this type. While challenges can be fun, that also makes them great for attackers to use against the participants. Often, it is not in the user’s best interest to be an early adopter of these challenges. It’s safer to wait a little bit and see how these scenarios play out before donning the invisibility cloak.