Who sins more, the tempter or the tempted? The old conundrum seems appropriate to a cyber scam recently uncovered on TikTok – one that promises gullible users a way to “unfilter” blurred images of naked people on the social media platform in order to trick them into downloading malicious software.
The ploy was revealed by Checkmarx, whose investigator Guy Nachshon became wise to it after spotting the “Invisible Challenge” on the popular platform, in which a person filming a selfie poses naked while using a blurring digital video effect.
“This effect removes the character’s body from the video, making a blurred contour image of it,” said Nachshon, writing on the Checkmarx blog.
A threat actor, who first gained popularity on GitHub, an open-source online software development platform, by soliciting upvotes for a “project” from new users, clearly saw a way to capitalize on the saucy TikTok dare – by pretending to offer users of a salacious bent the chance to remove the video effect and play the peeping Tom online.
Victims of lust?
“The TikTok users @learncyber and @kodibtc posted videos on TikTok (over 1,000,000 views combined) to promote a software app able to ‘remove filter invisible body’ with an invite link to join a Discord server to get it,” said Nachshon.
Once the gullible – and dare we say rather desperate? – victim has clicked on the invite, they are redirected to the Discord server “space unfilter” page, complete with risqué videos uploaded by the threat actor, purportedly the result of the nude-creating software.
Nachshon described this as “an attempt to include sample videos as proof to trick users [to] agree to install his software.”
What the unscrupulous victim gets instead is a dose of the cyber clap – in this case, a .bat script that installs a repurposed and malicious Python program on their device. Luckily for the more depraved internet users out there, Checkmarx has reported the program and had it removed – although it warns this does not necessarily mean an end to the “unfiltered” scam.
Playing hard to get
“The level of manipulation used by software supply chain attackers is increasing, as attackers become increasingly clever,” said Nachshon. “It seems this attack is ongoing, and whenever the security team at Python deletes his packages, he quickly improvises and creates a new identity, or simply uses a different name.”
Nachshon added that the threat actor had risen to prominence within the software developer community in a relatively short space of time. “He earned his status as a trending GitHub project by asking every new member on his server to ‘star’ his project,” said Nachshon. “The high number of users tempted to join this Discord server and potentially install this malware is concerning.”
Concerning, indeed, but perhaps not altogether surprising.