TikTok Challenge Exposes Phones, Other Devices To Theft Of Passwords, Personal Information, Says Nigerian Communications Commission

December 6, 2022

There is potential harm in taking part in the Invisible Challenge on the short-form video hosting service TikTok, the Nigerian Communications Commission has said.

The NCC’s Computer Security Incident Response Team, or NCC-CSIRT, has warned that taking part in such challenges on TikTok exposes devices to information-stealing malware.

The NCC’s CSIRT is an expert group that handles computer security incidents.

A statement by NCC's Director, Public Affairs, Reuben Muoka, said that threat actors have taken advantage of a viral TikTok challenge, known as the Invisible Challenge, to disseminate information-stealing malware known as the WASP (or W4SP) stealer.

According to the NCC-CSIRT advisory note, those who “click on the link and attempt to download the software, known as ‘unfilter’ are infected with the WASP stealer”.

The advisory reads, “The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.

“Those who click on the link and attempt to download the software, known as ‘unfilter,’ are infected with the WASP stealer. Suspended accounts had amassed over a million views after initially posting the videos with a link.

“Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators.

“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed.

“It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity. This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”

According to CSIRT, such attacks can be prevented by avoiding clicking on suspicious links, using anti-malware software on devices, and removing any apps that the user does not remember installing, among others.