• Tech - News - Mobile Tech
  • Updated: May 17, 2023

TikTokers: How Malware Could Be Stealing Users' Info

TikTokers: How Malware Could Be Stealing Users' Info

Tiktok Security Flaws

TikTok is a popular social media platform, and it is possible for malicious actors to use it to spread malware that can steal information from users.

Malicious actors can use phishing techniques to send malicious links to users, which can lead to the installation of malware on their devices. 

Malicious actors can also use malicious ads or posts to spread malware, which can be used to steal personal information such as passwords, credit card numbers, and other sensitive data. 

It has therefore become pertinent for users to be aware of the potential risks of using TikTok and to take steps to protect themselves, such as avoiding clicking on suspicious links or ads and using strong passwords and two-factor authentication.

Recall that sometime in December 2022, the Nigerian Communications Commission warned TikTok users about the operations of information-stealing malware. 

At that time, The NCC's Computer Security Incident Response Team (NCC-CSIRT) had warned about the potential harm of taking part in the ‘Invisible Challenge’ on short-form video hosting service, TikTok, while revealing that it exposed devices to information-stealing malware.

An advisory by the NCC-CSIRT declared that threat actors had taken advantage of the viral TikTok challenge to disseminate malware known as WASP (or W4SP) stealer. 

The commission, in a statement signed by its Director of Public Affairs, Reuben Muoka, yesterday, said the WASP stealer, which is high in probability, with critical damage potential, is a persistent malware ‘hosted in discord’ that its developer claim is undetectable.

According to the advisory: “The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual.

“Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.

“Those who click on the link and attempt to download the software, known as ‘unfilter,’ are infected with the WASP stealer.

“Suspended accounts had amassed over a million views after initially posting the videos with a link.

“Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators.

“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity and other information from devices where it is installed.

“It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programmes, websites visited, and financial activity.

“This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”

Related Topics

Join our Telegram platform to get news update Join Now
Eben Duru
Eben Duru

 My name is Eben and I am from Lagos, Nigeria. I am currently a writer at AllNews Nigeria. I’m...

More From this Author


cwg plc ICT

CWG Plc, formerly Computer Warehouse Group Plc was founded in 26 September 1991,...

airtel africa plc ICT

Airtel Africa is a leading provider of telecommunications and mobile money servi...

chams plc ICT

Chams PLC is Nigeria’s leading provider of integrated identity management ...


0 Comment(s)


See this post in...