Hackers are always coming up with clever ways to exploit the latest trends, and the latest example leverages a popular TikTok challenge to trick unsuspecting users into installing malware on their devices.
A threat actor, who first gained popularity on the hacker idea-sharing forum GitHub by soliciting upvotes for a “project” from new users, clearly saw a way to capitalize on the saucy TikTok dare – by pretending to offer users of a salacious bent the chance to remove the video effect and play the peeping Tom online.
Victims are encouraged to download a piece of software that will remove the filter. However, the software is fake and they actually found a piece of malware called “WASP Stealer (Discord Token Grabber)” that used Discord account details, stored credit cards, passwords, cryptocurrency wallets, and other computer files, according to . to security firm CyberSmart.
“The level of manipulation used by software supply chain attackers is increasing, as attackers become increasingly clever,” said Nachshon. “It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity, or simply uses a different name.”
Both GitHub and TikTok were quick to remove the accounts promoting the scheme from their platforms. However, the threat actors seem to have made a quick return, using different account and project names.