The Nigerian Communications Commission’a (NCC) Computer Security Incident Response Team (CCIRT) has warned Nigerians that the TikTok viral challenge exposes devices to Information-Stealing Malware.
The warning was contained in an advisory issued on Tuesday by NCC Director of Public Affairs Reuben Muoka, who stated that threat actors used the ‘Invisible Challenge’, a viral TikTok challenge, to spread the WASP (or W4SP) stealer.
“The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects,” the advisory read in part.
“Those who click on the link and attempt to download the software, known as “unfilter,” are infected with the WASP stealer. Suspended accounts had amassed over a million views after initially posting the videos with a link.
Following, the link leads to the “Space Unfilter” Discord server, which had 32,000 members at its peak but has since been removed by its creators.
“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed.
“It may also covertly monitor user behaviour and harvest Personally Identifiable Information, including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity.
“This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”
The NCC established the CSIRT, the telecom sector’s cyber security incident center, to focus on incidents in the telecom sector that may affect telecom consumers and citizens at large.
It also collaborates with the Federal Government’s Nigerian Computer Emergency Response Team to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to prevent attacks, problems, or related events.