How TikTok's 'Invisible Body' Challenge Is Tricking Users Into Installing Malware

TikTok’s meteoric rise is due, in part, to viral challenges that spread on the social media platform. Some of these challenges are not only dumb, but down right dangerous. One of the more recent challenges revolves around a TikTok filter that masks people’s bodies with a blur of color intended to match the background. The new “Invisible Body” challenge dares TikTok users to record themselves partially or fully naked with the invisible filter applied to hide their nudity. While this challenge may be vain or ill-advised, it seems that it may also be somewhat dangerous, as threat actors are taking advantage of users’ curiosity to spread stealer malware.

Unsurprisingly, much of the buzz on TikTok around the invisible filter and the associated challenge consists of videos promoting various methods that promise the ability to remove the invisible filter, revealing users’ nudity. Even many of the TikTok creators who participate in the challenge perpetuate these claims to capture users’ attention. However, as far as we can tell, it isn’t possible to remove the invisible filter from a video to which it has already been applied.

Nonetheless, it appears that some TikTok users are willing to go down risky rabbit holes in pursuit of a method that successfully removes the invisible filter. As research by Checkmarx shows, threat actors are all too willing to exploit this curiosity to infect users’ devices with malware. Cybersecurity researchers came across videos posted by at least two TikTok accounts, promoting a method to remove the invisible filter. These videos had over one million views combined and directed viewers to a Discord server where they could supposedly learn how to use “unfilter” software.

This Discord server is no longer available, but it had around 32,000 members before it disappeared. The server contained illicit videos, which the threat actor claimed to have acquired by using the advertised unfilter tool. Upon first joining the server, users were greeted by a message instructing them to visit a GitHub repository containing the supposed unfilter software and award the repo with a star. By driving traffic and interactions to this repo, the threat actor managed to land the repo on the GitHub trending tab.

Unfortunately for anyone who downloaded the project files from this GitHub repo and followed the video or written instructions in the README file, the project listed a malicious Python package as a requirement. When run, the installation batch file automatically installed this malicious package. The researchers identified the malware within this package as the WASP stealer malware, which possesses the ability to swipe credit card information, cryptocurrency wallet codes, login credentials, and session tokens for various services, including Discord. The offending GitHub repo, TikTok accounts, and videos have since been removed, but TikTok users should still remain wary of any videos or GitHub repos promoting a way to remove the invisible filter.