NCC warns against participating in viral TikTok challenge

By: IBK

December 6, 2022

Explainers

3 minute read

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned against participating in the #invisiblechallenge trend on short-form video hosting service TikTok to avoid potential risks as it exposes devices to information-stealing malware.

The Invisible Challenge is another popular trend on TikTok that involves encircling a supposedly naked person with a body contouring filter that is somewhat transparent.

According to an NCC-CSIRT advisory, threat actors are taking advantage of the popular TikTok challenge to spread the WASP (or W4SP) stealer, a malware that steals information.

As this TikTok challenge is becoming a growing trend, some attackers have begun sending out links to software, which unknowingly is the WASP (or W4SP) stealer, that they claim can help reverse the filter’s effects.

This is not the first time the short-form video app TikTok has been linked to a danger of malware attacks. The cybercrime office Maharashtra Cyber in India issued a warning in June 2020 about malicious phoney TikTok URLs.

In July 2022, Brendan Carr, the FCC commissioner, urged the CEOs of Apple and Google to remove TikTok from their app stores because the app’s vast data collection posed an unacceptable national security risk.

Although the risk of malware is very high in the internet world, it is crucial to comprehend the capabilities of this software.

How does the TikTok malware work?

According to the statement, this malware works like every other malware software. Once you click the link, it downloads a file or program, and upon a successful installation, the malware has access to all the information on the devices where it is installed.

Personally Identifiable Information (PII), including names and passwords, keystrokes from emails, chat programs, websites visited, and financial activity may also be harvested by secretly monitoring user behaviour.

This malware may be capable of covertly collecting screenshots and video recordings or the ability to activate any connected camera or microphone. This shows how impactful it can be for any individual.

How to avoid malware scams

However, by using a few creative safeguards when surfing online or watching a video, this can be prevented. Some strategies for preventing such an attack include

Avoid clicking on suspicious links.
Use anti-malware software on your devices.
Always check the app tray and remove any apps you do not remember installing.
Use strong password hygiene practices, such as using a password manager.

About the NCC-CSIRT

The NCC established the CSIRT as the telecom sector’s cyber security incidence centre to focus on occurrences that may impact telecom users and the general public. It is in collaboration with ngCERT.

The Federal Government formed the Nigerian Computer Emergency Response Team (ngCERT) to lower the frequency of future computer risk incidents by planning, safeguarding, and securing Nigerian cyberspace to prevent assaults, difficulties, or related events.