NCC alerts cybercriminals using TikTok Challenge to infect your device with malware

*The Nigerian Communications Commission’s Computer Security Incident Response Team cautions consumers against the potential harm of participating in the Invisible Challenge on TikTok, offers practical measures to forestall such a cyberattack

Gbenga Kayode | ConsumerConnect

In a move to prevent telecoms consumers from falling victim, the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT),again, has warned of the potential harm of participating in the Invisible Challenge on short-form video hosting service, TikTok.

ConsumerConnect reports the NCC-CSIRT, in its latest advisory, noted that the TikTok Challenge could infect consumers’ devices with vulnerabilities while exposing such devices to information-stealing malware.

The NCC-CSIRT advisory said threat actors had taken advantage of a viral TikTok Challenge, otherwise known as the Invisible Challenge, to disseminate an information-stealing malware called the WASP (or W4SP) stealer.

Mr. Reuben Muoka, Director of Public Affairs at NCC, Tuesday, December 6, 2022, announced the Team noted that the WASP stealer, which is high in probability with critical damage potential, is a persistent malware hosted on discord that its developer claim is undetectable.

“The Invisible Challenge involves wrapping a somewhat transparent body contouring filter around a presumed naked individual.

“Attackers are uploading videos to TikTok with a link to software that they claim can reverse the filter’s effects,” said the advisory.

Why you should not participate in TikTok Challenge

The NCC-CSIRT advisory also disclosed that “those who click on the link and attempt to download the software, known as ‘unfilter’, are infected with the WASP stealer.

“Suspended accounts had amassed over a million views after initially posting the videos with a link.”

The Teams further stated: “Following the link leads to the ‘Space Unfilter’ Discord server, which had 32,000 members at its peak but has since been removed by its creators.

“Successful installation will allow the malware to harvest keystrokes, screenshots, network activity, and other information from devices where it is installed.

“It may also covertly monitor user behaviour and harvest Personally Identifiable Information (PII), including names and passwords, keystrokes from e-mails, chat programmes, websites visited, and financial activity.”

The telecoms regulatory Commission as well explained “this malware may be capable of covertly collecting screenshots, video recordings, or the ability to activate any connected camera or microphone.”

Measures to protect yourself against malware attack

According to the advisory, some ways to forestall such a cyberattack include avoiding clicking on suspicious links, using anti-malware software on your devices, checking app tray and removing any apps that you do not remember installing or that are dormant and embracing healthy password hygiene practices, such as using a password manager.

The CSIRT is the telecoms sector’s cybersecurity incidence centre set up by the NCC to focus on incidents in the telecoms sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.”