The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned that there’s potential harm in using TikTok.
The commission specifically warned Nigerians taking part in the Invisible Challenge on short-form video hosting services.
NCC explained that the Invisible Challenge on TikTok exposes users’ devices to Information-Stealing Malware.
ATTENTION: Click “HERE” to join our WhatsApp group and receive News updates directly on your WhatsApp!
The NCC-CSIRT advisory revealed that threat actors had taken advantage of a viral TikTok challenge, known as the Invisible Challenge.
It stated that their mission was to disseminate an information-stealing malware known as the WASP (or W4SP) stealer.
According to the developer, the WASP stealer, which is high in probability with critical damage potential, is a persistent malware hosted on discord that is undetectable.
Meanwhile, the advisory read:
“The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers upload videos to TikTok with a link to software that they claim can reverse the filter’s effects.
“Those who click on the link and attempt downloading the software, known as ‘unfilter,’ are infected with the WASP stealer. Suspended accounts had amassed over a million views after initially posting the videos with a link.
“Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators.”
NCC also explained further that successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed.
The advisory read again:
“It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity. This malware may be capable of covertly collecting screenshots, video recordings or the ability to activate any connected camera or microphone.”
According to the team, avoiding clicking on suspicious links, using anti-malware software on your devices, checking the app tray and uninstalling any apps you do not remember installing or that are inactive, and adopting good password hygiene practices, such as using a password manager, are some ways to prevent such an attack.
