San Francisco: Hackers have exploited TikTok’s “Invisible Body Challenge” in order to spread malware that can steal passwords and credit card details, the media reported.
According to Forbes, a trending challenge on TikTok involves users filming themselves naked while using an effect called “Invisible Body” which removes the body from the video and replaces it with a blurry background.
Hackers were taking advantage of this trend by posting videos offering to remove the filter, tricking people into thinking they will see naked bodies instead.
However, all they received in return was a piece of malware capable of stealing Discord accounts, as first discovered by security firm Checkmarx.
The victims were encouraged to download a piece of software that will supposedly remove the filter.
However, the software was fake and they only received a piece of malware called “WASP Stealer (Discord Token Grabber)”, which gathers information from discord accounts, credit cards, passwords and cryptocurrency wallets, according to security firm CyberSmart.
“The short and shareable format of TikTok’s videos means content can quickly go viral, attracting thousands, if not millions, of eyeballs in a short span of time,” Jamie Akhtar, CEO and co-founder of CyberSmart, was quoted as saying.
“It is no wonder then that cybercriminals will be keen to jump on these trends as a vehicle for their scams,” he added.
Currently, TikTok officially has over 1 billion monthly active users. A TikTok user spends an average of 95 minutes per day (over 1.5 hours) on the platform.