Creepy people who've installed software to "expose" nudes on TikTok have been tricked into having their credit card information stolen.
Security testing company Checkmarx discovered instances of the attack, which is still going on.
It targets people who join the "Invisible Challenge" on the platform, in which participants post mostly nude or fully nude videos of themselves before adding the "Invisible Body" filter, making the image completely blurry.
As a result, attackers were offering up "unfilter" software that claimed to remove the "invisible" filter from TikTok videos.
However, it's actually malicious software that steals a whole bunch of personal information like credit cards, passwords, and more.
According to Checkmarx, since-deleted TikTok accounts @learncyber and @kodibtc shared videos on the platform promoting the software that would "remove" the filter.
The videos even provided a link to the Discord server "discord.gg/unfilter" for people wanting to get their hands on it.
Once people click on the link, Checkmarx said they are sent to the Discord server "Space Unfilter," where the attacker uploads not-safe-for-work content.
Afterwards, they receive a private message from a bot account called Nadeko that asks them to go to the GitHub repository 420World69/Tiktok-Unfilter-Api.
That repository is where the malware is hidden in the program's code.
Before the Discord server was officially taken down, Checkmarx believes at least 30,000 people joined.
According to Checkmarx's software engineer Guy Nachshon, the company believes that the trend will increase in 2023 as cyber attackers continue to focus on the "open source package ecosystem."
The #InvisibleFilter tag on TikTok has over 27.5m views at the time of writing.
Indy100 reached out to Checkmarx via contact form.