A new scam is targeting TikTokers in line with the new “invisible body” trend, where users film themselves naked with a filter that completely blurs their bodies.
Scammers are now capitalizing on the nudity trend by offering a bogus app that claims to be able to remove blur, but it actually does something else.
Instead of seeing naked bodies, users will download malware capable of getting passwords and credit cards stored in the user’s browser, files from their computer, cryptocurrency wallets and Discord accounts, security firm Checkmarx said in a report.
Watch the latest news on channel 7 or stream for free on 7plus >>
It reports that two TikTok users who have since been removed from the platform posted a video with a total of over 1 million views promoting a software application capable of “removing the invisible body of the filter” with a link to download it.
But the link takes users to a Discord server, where the scammer uploads unrelated NSFW videos that further trick the user into downloading the WASP Stealer (Discord token grabber) software.
The report states that the server, which has since been taken down, had about 32,000 users.
The #invisiblefilter hashtag currently has 27.3 million views. The short and viral nature of TikTok videos makes them an ideal platform to promote products quickly and effectively, including malware.
The security firm believes the scam is a sign of what’s to come in the new year for cyber threats.
“These attacks demonstrate once again that cyber attackers have begun to focus on the ecosystem of open source packages; We believe this trend will only accelerate in 2023,” Chekmarks said.
7NEWS.com.au has reached out to the Australian Cybersecurity Center for comment.
