The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned Nigerians against taking part in viral TikTok challenges.
NCC-CSIRT revealed in a statement on Tuesday that a trending challenge on TikTok exposes devices to Information-Stealing Malware.
According to an advisory from the NCC’s Computer Security Incident Response Team, NCC-CSIRT on Tuesday, December 6 shared by the Director, Public Affairs, NCC, Reuben Muoka, hackers had taken advantage of a viral TikTok challenge, known as the Invisible Challenge, to disseminate an information-stealing malware known as the WASP (or W4SP) stealer.
The WASP stealer, which is high in probability with critical damage potential, is a persistent malware hosted on discord that its developer claim is undetectable.
The advisory said “The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual.
TikTok has over 1.5 billion monthly active users in the third quarter of 2022 and Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects.
“Those who click on the link and attempt to download the software, known as “unfilter,” are infected with the WASP stealer. Meanwhile Suspended accounts had summative views over a million after initially posting the videos with a link. Following the link leads to the “Space Unfilter” Discord server which had 32,000 members at its peak but has since been removed by its creators.
“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed. This may also covertly monitor user behavior and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity.
The Team said some ways to forestall such an attack include avoiding clicking on suspicious links, using anti-malware software on your devices, checking the app tray and removing any apps that you do not remember installing or that is dormant and embracing healthy password hygiene practices such as using a password manager.
The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.
The CSIRT also works collectively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to lessen the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or reoccurrence.