Security News > 2022 > November > Hackers Using Trending TikTok 'Invisible Challenge' to Spread Malware
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
"Instructions to get the 'unfilter' software deploy WASP stealer malware hiding inside malicious Python packages," Checkmarx researcher Guy Nachshon said in a Monday analysis.
The WASP stealer is a malware that's designed to steal users' passwords, Discord accounts, cryptocurrency wallets, and other sensitive information.
Victims joining the Discord server subsequently receive a link to a GitHub repository that hosts the malware.
The attacker has since renamed the project to "Nitro-generator" but not before it landed on GitHub's Trending repositories list for November 27, 2022, by urging the new members on Discord to star the project.
"These attacks demonstrate again that cyber attackers have started to focus their attention on the open source package ecosystem."
News URL
http://thehackernews.com/2022/11/hackers-using-trending-invisible.html
Related news
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)
- Hackers Target macOS Users with Malicious Ads Spreading Stealer Malware (source)
- China-linked Hackers Deploy New 'UNAPIMON' Malware for Stealthy Operations (source)
- Vietnam-Based Hackers Steal Financial Data Across Asia with Malware (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- Hackers hijack antivirus updates to drop GuptiMiner malware (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)
- Iranian hackers pose as journalists to push backdoor malware (source)
- North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (source)