TikTok is a popular social media platform, and it is possible for malicious actors to use it to spread malware that can steal information from users.
Malicious actors can use phishing techniques to send malicious links to users, which can lead to the installation of malware on their devices.
Malicious actors can also use malicious ads or posts to spread malware, which can be used to steal personal information such as passwords, credit card numbers, and other sensitive data.
It has therefore become pertinent for users to be aware of the potential risks of using TikTok and to take steps to protect themselves, such as avoiding clicking on suspicious links or ads and using strong passwords and two-factor authentication.
Recall that sometime in December 2022, the Nigerian Communications Commission warned TikTok users about the operations of information-stealing malware.
At that time, The NCC's Computer Security Incident Response Team (NCC-CSIRT) had warned about the potential harm of taking part in the ‘Invisible Challenge’ on short-form video hosting service, TikTok, while revealing that it exposed devices to information-stealing malware.
An advisory by the NCC-CSIRT declared that threat actors had taken advantage of the viral TikTok challenge to disseminate malware known as WASP (or W4SP) stealer.
The commission, in a statement signed by its Director of Public Affairs, Reuben Muoka, yesterday, said the WASP stealer, which is high in probability, with critical damage potential, is a persistent malware ‘hosted in discord’ that its developer claim is undetectable.
According to the advisory: “The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual.
“Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.
“Those who click on the link and attempt to download the software, known as ‘unfilter,’ are infected with the WASP stealer.
“Suspended accounts had amassed over a million views after initially posting the videos with a link.
“Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators.
“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity and other information from devices where it is installed.
“It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programmes, websites visited, and financial activity.
“This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”
0 Comment(s)
SPONSORED
HEADLINE
TRENDING