“Invisible Challenge” on TikTok exposes devices to data-stealing malware, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) stated.
An advisory by the NCC-CSIRT explains: “The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects. Those who click on the link and attempt to download the software, known as ‘unfilter,’ are infected with the WASP stealer.”
According to the advisory, the WASP stealer is able to obtain Personally Identifiable Information, including names, passwords, financial activity, as well as to collect screenshots, video recordings, or to activate any connected camera or microphone.
“Suspended accounts had amassed over a million views after initially posting the videos with a link. Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators,” the advisory elaborated.
Given the computer virus's broad scope, the NCC-CSIRT listed a number of precautions such as avoiding clicking on untrusted links, checking the app tray and deleting any apps you don’t remember installing, as well as using anti-malware software and a password manager.
The cyber security incidence center NCC-CSIRT collaborates with the Federal Government's Nigerian Computer Emergency Response Team (ngCERT), aiming to prevent computer risk incidents by preparing, protecting, and securing Nigerian cyberspace.