Pages

Hackers are targeting the "Invisible Body" trend on TikTok to spread malicious software

ByteDance’s famous short video platform, TikTok, being one of the fastest-growing applications, is now being eyed by hackers to carry out their malicious campaigns.

According to the latest report from Checkmarx, a cyber security company, the wild TikTok trend "Invisible Challenge" is being used by hackers to lure in victims through malware and get access to their files, including online saved credentials for other applications such as Discord or virtual currency wallets.


The trend encourages users to go all naked and get their bodies blurred with the help of the Invisible Body Filter; hackers take advantage and offer software that can remove the effect of the filter so they can get their hands on TikToks featuring naked bodies.

But in reality, it’s just a trap being set by the malware operator, as they disguise the malware as a filter, and whenever the user installs it, the data gets compromised.

TikTok was used to spread the malware. Two accounts, which were later taken down by the app regulators, posted a short video promoting the apparent filter removal hack. The accounts shared the Discord handle for a server through which users could install the bug. According to the report, the discord server before it was deleted hosted almost 32 thousand users.

The malware consists of two files, a batch file and a readme file, which were further connected by a YouTube channel that posted a guide through the whole process.

According to the report, despite getting removed multiple times, the malicious campaigns still keep going as the man behind them keeps changing the coding through numerous methods. The report further predicted that this type of malicious campaigning would spike in the upcoming year.

It is expected that the hackers have changed their campaign from offering filters that remove blurring filters to other offers that can lure more users toward the rigged software.

Though the servers associated with it have been removed by the respective authorities, the group behind it keeps creating new groups and servers to carry on their campaign.

Read next: Here’s How Much Criminals Charge to Hack Your WhatsApp Account

No comments: