NCC warns TikTok users of viral challenge used in stealing information


The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned Nigerians against taking part in viral TikTok challenges.

NCC-CSIRT revealed in a statement on Tuesday that a trending challenge on TikTok exposes devices to Information-Stealing Malware.

TikTok has over 1.5 billion monthly active users in the third quarter of 2022.

The NCC-CSIRT team revealed that through the viral TikTok challenge, invisible challenge, threat actors are spreading information-stealing malware known as the WASP (or W4SP) stealer.

The advisory said,“The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual.

“Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.

“Those who click on the link and attempt to download the software, known as ‘unfilter,’ are infected with the WASP stealer.

“Suspended accounts had amassed over a million views after initially posting the videos with a link.”

The NCC explained that the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak, but has since been removed by its creators.

“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed.

“It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity,” it added.

The malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.

The team urged users to avoid clicking on suspicious links, using anti-malware software on their devices.

NCC also advised they should check app tray and remove apps that they did not install.