Security News > 2022 > November > Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
"Instructions to get the 'unfilter' software deploy WASP stealer malware hiding inside malicious Python packages," Checkmarx researcher Guy Nachshon said in a Monday analysis.
The WASP stealer is a malware that's designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.
Victims joining the Discord server subsequently receive a link to a GitHub repository that hosts the malware.
The attacker has since renamed the project to "Nitro-generator" but not before it landed on GitHub's Trending repositories list for November 27, 2022, by urging the new members on Discord to star the project.
"These attacks demonstrate again that cyber attackers have started to focus their attention on the open source package ecosystem."
News URL
http://thehackernews.com/2022/11/hackers-using-trending-invisible.html
Related news
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)