TikTok challenge spreads malware.

Attackers are exploiting a popular TikTok challenge to distribute malware, according to researchers at Checkmarx.

Attackers claim to be able to expose nude TikTok users.

A trending TikTok challenge involves posing naked using a filter called “Invisible Body,” which replaces the user’s body with a blurred outline. Attackers capitalized on this by purporting to offer another filter that could remove the Invisible Body filter and expose the user’s naked body. This filter is fake, and will install the WASP stealer malware.

Malware campaign goes viral.

The researchers observed that more than 30,000 users have joined the attackers’ Discord server so far. BleepingComputer notes that the GitHub repo hosting the malicious code achieved a trending status on GitHub.

Checkmarx concludes, “The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever. It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity or simply uses a different name. These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.”