View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 29, 2022

TikTok ‘invisible body’ trend used by cybercriminals in malware campaign

The attack is the latest example of cybercriminals using open-source software to launch malware campaigns.

By Claudia Glover

A trending challenge on social media site TikTok is being manipulated by cybercriminals to implement a huge, ongoing malware campaign. The hackers used TikTok, GitHub and Discord to create a scam that promotes itself, with over 30,000 subscribers so far.

Discord, TikTok and Github used to scam victims on social media. (Photo by Ti Vla/Shutterstock)

A filter on social media app TikTok has been used to tempt tens of thousands of victims to deploy a WASP infostealer through instant messaging app Discord. WASP infostealers can steal credit card information, passwords, cryptocurrency wallets and Discord accounts from a user’s PC. 

‘Invisible body’ scam uses TikTok, Discord and GitHub to deploy malware

TikTok’s “Invisible Challenge” trend has seen millions of users post naked pictures of themselves online using the “invisible body” filter, which edits them out of the video. The #invisiblefilter tag has over 25 million views. Some TikTok users have expressed interest in finding a workaround to the filter so they could expose the naked bodies in the pictures. This interest is being exploited by cybercriminals. 

According to a report by security company Checkmarx, two TikTok users posted videos advertising software that could remove the invisible body filter, with an invite link to join a Discord server called where links to the software would be provided. The videos attracted over a million views between them. 

Once the user has been lured onto the Discord server, a bot account sends an automatic invite message with a request to access the GitHub repository 420World69/TikTok-Unfilter-Api. This GitHub repository masquerades as an open-source tool to remove the filter, but actually harbours malware. 

“We can’t say the exact number of people who ran the malware, but this is the first time we have seen this type of activity and publicity fly under the radar,” said Guy Nachson supply chain security researcher at Checkmarx.

“What alarms us most is [the] use of legitimate services – TikTok, Discord and GitHub. The attacker uses an open-source malicious code hosted on GitHub, uploaded his project onto GitHub and used a TikTok trend to trick people into using his malicious project. Further, he built a community around his project.”

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

It seems this attack is ongoing. Whenever the security team deletes his packages, the hacker improvises and creates a new identity, or simply uses a different name, continues the report. “The level of manipulation used by software supply chain attackers is increasing as attackers become increasingly clever,” Nachson told Recorded Future. 

“These attacks demonstrate again that cyberattackers have started to focus their attention on the open-source package ecosystem; We believe this trend will only accelerate in 2023.”

Read more: Twitter data breach worse than first thought, researchers claim

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.