Information theft is the goal of TikTok Challenge - NCC

Information theft is the goal of TikTok Challenge – NCC

#invisiblechallenge on short-form video hosting site TikTok could expose devices to information-stealing malware, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) advised.

The Invisible Challenge on TikTok involves encircling a subject who is supposed to be naked with a partially see-through body contouring filter.

According to an NCC-CSIRT caution, threat actors are using the popular TikTok challenge to distribute the information-stealing malware known as WASP Stealer.

Read also: The NCC CSIRT Discovers Malware That Targets Banking Applications

Why will this lead to Information theft?

As this TikTok challenge gains popularity, some attackers have started disseminating links to the software they say may counteract the filter’s effects but which really contains the WASP stealer.

According to its developers, the WASP stealer is an undetected, persistent piece of malware that is housed on Discord and has a high probability of doing serious damage.

The NCC said that WASP stealer targets anyone who visits the link and downloads “unfilter.” After publishing them with a link, suspended accounts’ videos garnered over a million views. The URL connects to the defunct “Space Unfilter” Discord server, which had 32,000 users at its peak.

The short-form video app TikTok has already been connected to the risk of malware assaults. The fraudulent, phony TikTok URLs were the subject of a June 2020 notice from India’s Maharashtra Cyber, which deals with cybercrime. 

Brendan Carr, the FCC commissioner, requested that TikTok be removed from the Apple and Google app stores in July 2022 because the software’s extensive data collection created an unacceptable national security risk. 

The capabilities of this program must be understood despite the fact that there is a very significant danger of viruses in the online world.

How does TikTok malware operate? 

The company claims that this virus operates similarly to every other piece of malicious software. As soon as you click the link, a file or program is downloaded, and after it has been installed successfully, the virus has access to all the data on the devices where it is present.

Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity, may also be harvested by secretly monitoring user behaviour.

This malware may be capable of covertly collecting screenshots and video recordings or having the ability to activate any connected camera or microphone. This shows how impactful it can be for any individual.

Financial phishing, cyberattacks surge In Kenya and Nigeria

How to prevent TikTok malware fraud 

However, this may be avoided by taking a few inventive precautions when online or while viewing a movie. Some methods for stopping such an assault include 

  • Don’t click on any shady links. 
  • On your devices, install anti-malware software.
  • Any programs you don’t recall downloading should always be deleted from the app tray. 
  • Use strong password hygiene practices, such as using a password manager.

 

About the NCC-CSIRT 

The NCC founded the CSIRT as the telecom firm’s cyber security incident center to concentrate on situations that might have an effect on telecom consumers and the wider public. It works with ngCERT. 

The Nigerian Computer Emergency Response Team (ngCERT) was established by the Federal Government to reduce the frequency of upcoming computer risk situations by organizing, protecting, and securing Nigerian cyberspace to avoid attacks, challenges, or associated events.