Software to ‘Unfilter’ TikToks Infects Users With Malware

Digital thieves are using horny TikTok viewers’ thirst for nude images against them in a new malware attack.

The attack, discovered by researchers at security firm Checkmarx, attracts users by offering to remove a filter used by TikTokers engaging in the “Invisible Challenge.” Users taking part in the challenge post nude or mostly nude images of themselves on TikTok and then apply an invisibility filter to remove their body from the video, leaving only a ghostly blurry image in their wake. Preying on viewer’s curious impulses, the attackers offer up a so-called “unfilter” software they say can remove the filter. In reality, that “unfilter” download actually comes jam-packed with malware capable of stealing passwords, credit cards and other personal information.

Attackers cited in the Checkmarx report posted their own TikTok videos promoting software they claim could remove the invisible filter. Those videos included links to a Discord server where users could go and download the files. That server, called “Space Unfilter,” includes nude images uploaded by the attackers offered as proof that the unfilter tools works.

Users downloading the software believing they are about to see boobs inadvertently end up installing “WASP Stealer” malware hidden in a Python package. That malware can reportedly harvest a variety of personal information, ranging from credit card numbers and cryptocurrency wallets, to Discord account details. Checkmarx estimates more than 30,000 users joined the Discord server before it was removed.

“The high number of users tempted to join this Discord server and potentially install this malware is concerning,” Checkmarx Software Engineer Guy Nachshon said in a blog post. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.”

The Invisible Challenge, which relies on a filter that acts as a type of green screen matching a user’s skin tone to their background, has existed for years, but recently gained renewed popularity. At the time of writing, the #invisiblefilter tag accumulated over 27 million views. All that attention makes the challenge fertile ground for attackers looking to catch pervy users with their pants down.

“By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it,” Cybersmart CEO and co-founder Jamie Akhtar​​ said in an interview with Forbes. “Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”

Digital thieves are using horny TikTok viewers’ thirst for nude images against them in a new malware attack.

The attack, discovered by researchers at security firm Checkmarx, attracts users by offering to remove a filter used by TikTokers engaging in the “Invisible Challenge.” Users taking part in the challenge post nude or mostly nude images of themselves on TikTok and then apply an invisibility filter to remove their body from the video, leaving only a ghostly blurry image in their wake. Preying on viewer’s curious impulses, the attackers offer up a so-called “unfilter” software they say can remove the filter. In reality, that “unfilter” download actually comes jam-packed with malware capable of stealing passwords, credit cards and other personal information.

Attackers cited in the Checkmarx report posted their own TikTok videos promoting software they claim could remove the invisible filter. Those videos included links to a Discord server where users could go and download the files. That server, called “Space Unfilter,” includes nude images uploaded by the attackers offered as proof that the unfilter tools works.

Users downloading the software believing they are about to see boobs inadvertently end up installing “WASP Stealer” malware hidden in a Python package. That malware can reportedly harvest a variety of personal information, ranging from credit card numbers and cryptocurrency wallets, to Discord account details. Checkmarx estimates more than 30,000 users joined the Discord server before it was removed.

“The high number of users tempted to join this Discord server and potentially install this malware is concerning,” Checkmarx Software Engineer Guy Nachshon said in a blog post. “These attacks demonstrate again that cyber attackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.”

The Invisible Challenge, which relies on a filter that acts as a type of green screen matching a user’s skin tone to their background, has existed for years, but recently gained renewed popularity. At the time of writing, the #invisiblefilter tag accumulated over 27 million views. All that attention makes the challenge fertile ground for attackers looking to catch pervy users with their pants down.

“By offering a potential tool that could ‘unfilter’ the effect, threat actors prey on people’s curiosity, fear, and even their malicious side to download it,” Cybersmart CEO and co-founder Jamie Akhtar​​ said in an interview with Forbes. “Of course, by then, they’ll learn the attackers’ claims are false and malware is installed.”