The “Invisible Challenge” on the short-form video hosting site TikTok could be harmful, according to the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), which claims that it exposes devices to malware that steals information.
According to a warning from the NCC-CSIRT, threat actors have used the popular TikTok challenge as a vehicle to spread the WASP (or W4SP) stealer malware.
The WASP stealer is a persistent malware “hosted in discord,” according to its developers, and is very probable to cause catastrophic damage, according to a statement released by the commission yesterday and signed by its Director of Public Affairs, Reuben Muoka.
The warning stated that the Invisible Challenge entails surrounding a presumedly naked person with a body contouring filter that is partly transparent. Attackers are posting movies on TikTok that contain a link to a piece of software they claim may undo the effects of the filter.
The WASP stealer is spread to anyone who clicks on the URL and tries to download the program known as “unfiltered.” Over a million views on suspended accounts were accumulated after the videos were first posted with a link. The ‘Space Unfilter’ Discord server, which had 32,000 users at its peak but has since been shut down by its developers, can be reached by clicking the link.
The malware will be able to gather keystrokes, screenshots, network activity, and other data from devices where it is installed if the installation is successful. Additionally, it may stealthily observe user behavior and gather Personally Identifiable Information (PII), such as usernames and passwords, keystrokes from emails and chat applications, websites visited, and financial activities. This malware may be able to secretly record videos, take screenshots, or turn on any attached cameras or microphones.
According to the Team, avoiding clicking on suspicious links, using anti-malware software on your devices, checking your app tray and removing any apps you don’t remember installing or that are dormant, and adopting good password hygiene practices, like using a password manager, are some ways to thwart such an attack.
The NCC established the CSIRT as the telecom industry’s cyber security incident center to focus on occurrences that may have an impact on telecom users and the general public.
Additionally, the CSIRT collaborates with the Federal Government-established Nigerian Computer Emergency Response Team (ngCERT) to prepare, safeguard, and secure Nigerian cyberspace to lessen the frequency of future computer risk situations.