The Nigerian Communications Commission has warned about the potential harm of taking part in the ‘Invisible Challenge’ on video hosting service, TikTok, revealing that it exposes devices of Nigerians to Information-Stealing Malware.
According to an advisory from the NCC's Computer Security Incident Response Team, NCC-CSIRT on Tuesday, December 6 shared by the Director, Public Affairs, NCC, Reuben Muoka, hackers had taken advantage of a viral TikTok challenge, known as the Invisible Challenge, to disseminate an information-stealing malware known as the WASP (or W4SP) stealer.
The WASP stealer, which is high in probability with critical damage
potential, is a persistent malware hosted on discord that its developer
claim is undetectable.
The advisory said, “The Invisible Challenge involves wrapping a somewhat
transparent body contouring filter around a presumed naked individual.
Attackers are uploading videos to TikTok with a link to software that
they claim can reverse the filter’s effects.
“Those who click on the link and attempt to download the software, known
as “unfilter,” are infected with the WASP stealer. Suspended accounts
had amassed over a million views after initially posting the videos with
a link. Following, the link leads to the “Space Unfilter” Discord
server, which had 32,000 members at its peak but has since been removed
by its creators.
“Successful installation will allow the malware to harvest keystrokes,
screenshots, network activity, and other information from devices where
it is installed. It may also covertly monitor user behaviour and harvest
Personally Identifiable Information, including names and passwords,
keystrokes from emails, chat programs, websites visited, and financial
activity. This malware may be capable of covertly collecting
screenshots, video recordings, or the ability to activate any connected
camera or microphone,” it explained.
The advisory said some ways to forestall such an attack included avoiding clicking on suspicious links, using anti-malware software on your devices, checking app tray and removing any apps that you do not remember installing or that are dormant and embracing healthy password hygiene practices such as using a password manager.
No comments:
Post a Comment