Science and Technology

WASP Malware Takes Advantage Of The Tiktok Invisible Challenge To Steal Credentials

WASP Malware Takes Advantage Of The Tiktok Invisible Challenge To Steal Credentials

The WASP (or W4SP) Stealer is being installed on thousands of devices by hackers utilizing the popular Invisible body Challenge on TikTok.

Stay Connected And Informed! Follow Us On Instagram, Facebook, and Twitter

The software has the ability to take data from a victim’s computer as well as Discord accounts, passwords, and credit card information kept in cryptocurrency wallets and browsers.

The Nigerian Communications Commission’s Computer Security Incident Response Team also cautioned country residents from participating in the “Invisible Challenge” on the short-form video hosting platform TikTok since it exposes devices to information-stealing malware.

The Malware Trend On Tiktok

In the most recent TikTok challenge, the person filming it assumes a naked position and uses a unique video effect code – named Invisible Body challenge, promising that the full skin tone would be hidden by a background.

  • Attackers have shared links to false software named “unfilter” in TikTok videos, which promises to be able to remove the body-masking feature of the app and reveal users’ private bodies.
  • According to Checkmarx researchers, the videos were made by TikTok users who have since been suspended and contained an invite link to the Space Unfilter Discord server.
  • The WASP stealer, which is persistent malware hosted on Discord and has a high possibility of causing significant damage, is said to be undetected by its developers per NCC-CSIRT advisory.

These clips had over a million views, and immediately after they were published, one of the threat actor’s Discord servers gathered more than 30,000 users.

How It Operate?

When the victims sign up for the Discord server, a bot user named Nadeko posts a link directing them to a GitHub repository hosting the virus.

  • Even though it has subsequently been given a new name, the malicious repository has amassed 103 stars and 18 forks, earning it the rank of a trending GitHub project.
  • The project’s files contain a Windows batch file (.bat) that, upon execution, downloads a malicious Python package (WASP downloader), as well as a ReadMe file (requirements.txt), which provides a link to a YouTube instructional that explains how to install the TikTok unfilter tool.
  • Python packages hosted on PyPI were utilized by the attackers, including pyshftuler, tiktok-filter-api, pyiopcs, and pydesings, with new ones being uploaded whenever the older packages were discovered and taken down.

Using Github Projects As A Cover

  • In order to make their malicious package appear credible, the attackers on PyPI utilize the StarJacking attack technique to link it fraudulently to a respectable and well-known GitHub project.
  • Additionally, they plagiarize the description of the genuine package, alter it, and include a modification for WASP installation on the host.
  • Once PyPI has identified, detected, and deleted the attackers’ malicious infection line from the Python package, they relocate it to the requirements.txt.


The malicious “unfilter” packages in the GitHub repository have been switched out for Nitro generator files, and the attackers’ Discord server has been shut down. But what’s really concerning is how deftly attackers enticed and tricked people into joining the Discord server and potentially downloading malware. Users should exercise caution when obtaining anything from untrusted sites or following social media trends.

A portion of this article was taken directly from cyware.

Share your story with us! Email


Click to comment

Leave a Reply

𝙈𝙖𝙣𝙙𝙮 𝙉𝙚𝙬𝙨 𝙞𝙨 𝙮𝙤𝙪𝙧 𝙧𝙚𝙡𝙞𝙖𝙗𝙡𝙚 𝙨𝙤𝙪𝙧𝙘𝙚 𝙛𝙤𝙧 𝙩𝙝𝙚 𝙡𝙖𝙩𝙚𝙨𝙩 𝙣𝙚𝙬𝙨, 𝙚𝙣𝙩𝙚𝙧𝙩𝙖𝙞𝙣𝙢𝙚𝙣𝙩, 𝙨𝙥𝙤𝙧𝙩𝙨, 𝙖𝙣𝙙 𝙡𝙞𝙛𝙚𝙨𝙩𝙮𝙡𝙚 𝙪𝙥𝙙𝙖𝙩𝙚𝙨 𝙛𝙧𝙤𝙢 𝙖𝙧𝙤𝙪𝙣𝙙 𝙩𝙝𝙚 𝙬𝙤𝙧𝙡𝙙. 𝙒𝙚 𝙖𝙧𝙚 𝙙𝙚𝙙𝙞𝙘𝙖𝙩𝙚𝙙 𝙩𝙤 𝙙𝙚𝙡𝙞𝙫𝙚𝙧𝙞𝙣𝙜 𝙖𝙘𝙘𝙪𝙧𝙖𝙩𝙚, 𝙪𝙥-𝙩𝙤-𝙙𝙖𝙩𝙚, 𝙖𝙣𝙙 𝙚𝙣𝙜𝙖𝙜𝙞𝙣𝙜 𝙘𝙤𝙣𝙩𝙚𝙣𝙩 𝙩𝙤 𝙠𝙚𝙚𝙥 𝙮𝙤𝙪 𝙞𝙣𝙛𝙤𝙧𝙢𝙚𝙙 𝙖𝙣𝙙 𝙞𝙣𝙨𝙥𝙞𝙧𝙚𝙙. 𝙁𝙤𝙡𝙡𝙤𝙬 𝙪𝙨 𝙤𝙣 𝙨𝙤𝙘𝙞𝙖𝙡 𝙢𝙚𝙙𝙞𝙖 𝙛𝙤𝙧 𝙩𝙝𝙚 𝙡𝙖𝙩𝙚𝙨𝙩 𝙪𝙥𝙙𝙖𝙩𝙚𝙨.

𝗖𝗼𝗽𝘆𝗿𝗶𝗴𝗵𝘁 © 𝟮𝟬𝟮𝟯 𝗠𝗮𝗻𝗱𝘆 𝗡𝗲𝘄𝘀. 𝗔𝗹𝗹 𝗿𝗶𝗴𝗵𝘁𝘀 𝗿𝗲𝘀𝗲𝗿𝘃𝗲𝗱

To Top