Security News > 2022 > November > TikTok ‘Invisible Body’ challenge exploited to push malware
Hackers are capitalizing on a trending TikTok challenge named 'Invisible Challenge' to install malware on thousands of devices and steal their passwords, Discord accounts, and, potentially, cryptocurrency wallets.
A new and trending TikTok challenge requires you to film yourself naked while using TikTok's "Invisible Body" filter, which removes the body from the video and replaces it with a blurry background.
To capitalize on this, threat actors are creating TikTok videos that claim to offer a special "Unfiltering" filter to remove TikTok's body masking effect and expose the TikTokers' nude bodies.
In a new report by cybersecurity firm Checkmarx, researchers found two TikTok videos posted by the attackers that quickly amassed over a million views combined.
Once the victims join the Discord server, they see a link posted by a bot pointing to a GitHub repository that hosts the malware.
The project files contained a Windows batch file that, when executed, installs a malicious Python package and a ReadMe file that links to a YouTube video containing instructions on installing the TikTok "Unfilter" tool.