According to a report by cybersecurity firm Checkmarx, hackers are exploiting the trending ‘Invisible Body Challenge’ to get people to download data-stealing malware. The trend uses a filter that shows the person filming themselves as a blurred contour image, giving the impression of a naked body.
The Exploitation of the Invisible Body Challenge
The hackers are using software called ‘unfilter,’ which claims to remove TikTok filters and expose people’s naked bodies. The hackers have also posted their own TikTok videos with links to the fake software. Jamie Akhtar, CEO and co-founder of CyberSmart, said in a statement, “By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it. Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”
Guy Nachson, a supply chain security researcher at Checkmarx, said that the hackers’ videos reached more than a million views in only a few days, and the GitHub repo hosting the attacker’s code was listed among GitHub’s daily trending projects. Moreover, around 30,000 or more members have joined the Discord server created by the attackers, and that number is continuously increasing.
How Does it Work?
Upon clicking the link to the malicious software, people automatically join the Discord server, where they are shown naked videos of people that allegedly result from the “unfilter” software. The researchers said that it is a concerning example of how attackers manipulate social media and the software supply chain.