W4SP information-stealing malware, according to the developer is undetectable
TikTok users in Nigeria have be warned by Computer Security Incident Response Team (NCC-CSIRT) of Nigerian Communications Commission about potential harm of indulging in the ‘Invisible Challenge’ on short-form video hosting service, TikTok. The Agency says participating in the challenge exposes devices to information-stealing malware.
NCC-CSIRT has said that threat actors have taken advantage of the viral TikTok challenge to share a deadly malware known as WASP (or W4SP) stealer.
The Director of Public Affairs, of the Commission, Reuben Muoka, released a statement, yesterday, to caution users. He said the WASP stealer, which is high in probability, with critical damage potential, is a persistent malware ‘hosted in discord’ that its developer claim is undetectable.
“The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual. Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.
“Those who click on the link and attempt to download the software, known as ‘unfilter,’ are infected with the WASP stealer. Suspended accounts had amassed over a million views after initially posting the videos with a link. Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators,” according to the advisory.
“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity and other information from devices where it is installed. It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programmes, websites visited, and financial activity. This malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”
The Team said some ways to forestall such an attack include avoiding clicking on suspicious links, using anti-malware software on your devices, checking app tray and removing any apps that you do not remember installing or that are dormant and embracing healthy password hygiene practices, such as using a password manager.
The CSIRT is the telecoms sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector as they may affect telecom consumers and citizens at large.
The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace.
 of Nigerian Communications Commission about potential harm of indulging in the ‘Invisible Challenge’ on short-form video hosting service, TikTok.){kind=link}