The Nigerian Communications Commission Computer Security Incident Response Team (NCC-CSIRT) has warned Nigerians not to participate in the viral TikTok challenges.
NCC-CSIRT revealed in a statement on Tuesday that a trending challenge on TikTok exposes devices to information-stealing malware.
TikTok has more than 1.5 billion monthly active users as of Q3 2022.
The NCC-CSIRT team revealed that through TikTok’s viral Invisible Challenge, threat actors are spreading information-stealing malware known as the WASP (or W4SP) stealer.
The ad read: “The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed nude individual.
“The attackers are uploading videos to TikTok with a link to software they claim can reverse the effects of the filter.
“Those who click on the link and try to download the software, known as “unfilter”, are infected with the WASP stealer.
“The suspended accounts accumulated over a million views after initially posting the videos with a link.”
The NCC explained that the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak, but has since been removed by its creators.
“Successful installation will allow the malware to collect keystrokes, screenshots, network activity, and other information from the devices where it is installed.
“It can also covertly monitor user behavior and collect personally identifiable information (PII), including names and passwords, email keystrokes, chat programs, websites visited, and financial activity,” it added.
The malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected cameras or microphones.
The team urged users to avoid clicking on suspicious links by using anti-malware software on their devices.
NCC also advised that they check the app tray and remove any apps they didn’t install.