The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned against participating in the #invisiblechallenge trend on short-form video hosting service TikTok to avoid potential risks as it exposes devices to information-stealing malware.
The Invisible Challenge is another popular trend on TikTok that involves encircling a supposedly naked person with a body contouring filter that is somewhat transparent.
According to an NCC-CSIRT advisory, threat actors are taking advantage of the popular TikTok challenge to spread the WASP (or W4SP) stealer, a malware that steals information.
As this TikTok challenge is becoming a growing trend, some attackers have begun sending out links to software, which unknowingly is the WASP (or W4SP) stealer, that they claim can help reverse the filter’s effects.
The WASP stealer, a persistent malware hosted on Discord and undetectable, according to its developers, has a high possibility of causing significant damage.
According to a statement seen by Technext, the NCC said,
Those who click on the link and attempt to download the software, known as “unfilter,” are infected with the WASP stealer. Suspended accounts had amassed over a million views after initially posting the videos with a link. Following the link leads to the “Space Unfilter” Discord server, which had 32,000 members at its peak but has since been removed by its creators.
This is not the first time the short-form video app TikTok has been linked to a danger of malware attacks. The cybercrime office Maharashtra Cyber in India issued a warning in June 2020 about malicious phoney TikTok URLs.
In July 2022, Brendan Carr, the FCC commissioner, urged the CEOs of Apple and Google to remove TikTok from their app stores because the app’s vast data collection posed an unacceptable national security risk.
Although the risk of malware is very high in the internet world, it is crucial to comprehend the capabilities of this software.
How does the TikTok malware work?
According to the statement, this malware works like every other malware software. Once you click the link, it downloads a file or program, and upon a successful installation, the malware has access to all the information on the devices where it is installed.
Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity may also be harvested by secretly monitoring user behaviour.
This malware may be capable of covertly collecting screenshots and video recordings or the ability to activate any connected camera or microphone. This shows how impactful it can be for any individual.
How to avoid malware scams
However, by using a few creative safeguards when surfing online or watching a video, this can be prevented. Some strategies for preventing such an attack include
- Avoid clicking on suspicious links.
- Use anti-malware software on your devices.
- Always check the app tray and remove any apps you do not remember installing.
- Use strong password hygiene practices, such as using a password manager.
About the NCC-CSIRT
The NCC established the CSIRT as the telecom sector’s cyber security incidence centre to focus on occurrences that may impact telecom users and the general public. It is in collaboration with ngCERT.
The Federal Government formed the Nigerian Computer Emergency Response Team (ngCERT) to lower the frequency of future computer risk incidents by planning, safeguarding, and securing Nigerian cyberspace to prevent assaults, difficulties, or related events.
Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!