Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware. It leaves behind a silhouette of the person's body.
But the fact that individuals filming such videos could be undressed has led to a nefarious scheme wherein the attackers post TikTok videos with links to rogue software dubbed "unfilter" that purport to remove the applied filters.
"Instructions to get the 'unfilter' software deploy WASP stealer malware hiding inside malicious Python packages," Checkmarx researcher Guy Nachshon said in a Monday analysis.
The WASP stealer (aka W4SP Stealer) is a malware that's designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.
The TikTok videos posted by the attackers, @learncyber and @kodibtc, on November 11, 2022, are estimated to have reached over a million views.
The accounts have been suspended.