TikTok “Invisible Challenge” porn malware puts us all at risk
2022-11-29 19:58

Researchers at secure coding company Checkmarx have warned of porn-themed malware that's been attracting and attacking sleazy internet users in droves.

The scam in this case claims to offer software that can reverse the effects of TikTok's Invisible filter, which is a visual effect that works a bit like the green screen or background filter that everyone seems to use these days in Zoom calls.

As you can probably imagine, this has led to sleazy online posts claiming to offer software that can reverse the effects of the Invisible filter after a video has been published, thus allegedly turning otherwise innocent-looking videos into NSFW porn clips.

The malware seen by Checkmarx seems to have been a variant of a data-stealing "toolkit" variously known as WASP or W4SP that is disseminated via poisoned GitHub projects, and that budding cybercriminals can buy into for as little as $20. GitHub-based supply chain attacks often rely on malicious packages with names that are easily confused with well-known, legitimate packages that developers might download by mistake. The aim of such an attack is therefore to poison one or more development computers inside a company, perhaps in the hope of subverting that company's development process.

The malware unleashed in this case appears to have been intended to attack each victim individually, directly seeking out valuable data including Discord passwords, cryptocurrency wallets, stored payment card data, and more.

No one who installed this malware package would ever have upvoted it afterwards, given that the whole thing turned out to be a pack of lies.


News URL

https://nakedsecurity.sophos.com/2022/11/29/tiktok-invisible-challenge-porn-malware-puts-us-all-at-risk/