Security researchers have raised concerns about the personal risks of participating in the Invisible Challenge, a viral TikTok challenge that involves a person filming themselves naked while using an effect called Invisible Body that removes the body from the video.

This is because threat actors have exploited it with a reported unfilter software that is meant to show the nudes but in reality, targets users to spread data-stealing malware.

The challenge has piqued the interest of malicious actors, who are using it to distribute data-stealing malware disguised as a software app called Unfilter, which claims to allow users to view original, uncensored videos.

According to Checkmarx security researchers, soon after the Invisible Challenge became popular, miscreants began posting TikTok videos with links to fake “unfilter” software that claims to remove the invisible filter and reveal the naked video creator.

WASP Stealer (Discord Token Grabber), an infostealer that targets Discord accounts, other credentials, and credit card data stored in victims’ web browsers, cryptocurrency wallets, and other files, is installed by the unfilter software. The campaign appeared to be linked to other malicious Python packages, and some of the code may have been stolen from a legitimate package via StarJacking, which involves hijacking the legitimate package’s GitHub Stars rating to make it appear more popular than it is.

The sources for this piece include an article in TheRegister.