Latest news with #CTM360


Zawya
5 days ago
- Business
- Zawya
CTM360 partners with Lesotho Communications Authority
Maseru, Lesotho: CTM360, a global leader in Digital Risk Protection, is proud to announce its strategic expansion in Africa through a formal partnership with Lesotho Communications Authority (LCA). This collaboration marks a significant milestone in advancing cybersecurity capabilities and strengthening digital infrastructure in the communications sector in Lesotho.

A Memorandum of Understanding (MOU) has been signed between Mr. Mirza Asrar Baig, CEO of CTM360, and the CEO of LCA, Mr Nizam Goolam, laying the foundation for a joint initiative aimed at bolstering Lesotho's communications sector's defense against evolving cyber threats.

The primary partnership empowers LCA with real-time threat visibility into cyber risks targeting Lesotho's Critical Infrastructure. Through CTM360's consolidated cybersecurity stack, the initiative will enable proactive detection, continuous monitoring, and mitigation of digital threats across the communications sector.

Mirza Asrar Baig, CEO of CTM360, reaffirmed his dedication to the collaboration, "This partnership signifies more than just cooperation, it is a joint commitment to safeguard Lesotho's Critical Infrastructure, which includes MNOs, ISPs, and other essential communication sectors. We are committed to co-developing a risk-based maturity model that will empower LCA to lead effective nationwide cybersecurity initiatives."

This MoU also facilitates comprehensive external cybersecurity assessments for LCA and its licensees, leveraging CTM360's advanced threat intelligence and monitoring capabilities. These assessments will support both reactive and preventative strategies for managing cyber risks, thereby fostering a more resilient digital environment for the Communications Sector in Lesotho.

The CEO of LCA, Mr Nizam Goolam, on the same note, expressed enthusiasm about the collaboration, expressing that, "This partnership comes at a critical time as we navigate the complexities of a fast-evolving digital landscape. By joining forces with CTM360, we are taking a proactive step to strengthen the communication sector's cybersecurity resilience and ensure the protection of key systems."

About Lesotho Communication Authority:
Established in June 2000, the Lesotho Communications Authority (LCA) is a statutory body responsible for regulating Lesotho's communications sector. Its core mandate includes licensing operators, managing radio frequency spectrum, approving tariffs, promoting fair competition, type approving equipment, and ensuring consumer protection. Its mandate is to foster a secure, reliable, and competitive communications environment throughout Lesotho. For more information, contact: info@

About CTM360:
CTM360 is a unified external security platform that integrates External Attack Surface Management, Digital Risk Protection, Cyber Threat Intelligence, Brand Protection & Anti-phishing, Surface, Deep & Dark Web Monitoring, Security Ratings, Third Party Risk Management and Unlimited Takedowns. Seamless and turn-key, CTM360 requires no configurations, installations or inputs from the end-user, with all data pre-populated and specific to your organization. All aspects are managed by CTM360. For more information, contact: info@


Mint
7 days ago
- Business
- Mint
Shocking! Over 10,000 fake TikTok and Facebook shops used to spread malware and steal cryptocurrency: Report
Cybersecurity researchers have reportedly uncovered a large-scale campaign in which cybercriminals are using TikTok Shops to distribute malware and defraud users, particularly younger customers. According to TechRadar, security analysts at CTM360 found that the perpetrators impersonate legitimate e-commerce sellers, often employing AI-generated content to bolster their credibility.

The scam is not confined to TikTok; similar fraudulent storefronts have been detected on Facebook, where enticing advertisements offering steep discounts are used to lure victims, noted the publication. The aim is reportedly twofold: to steal cryptocurrency payments and to compromise personal information through malicious software.

Investigators have linked TikTok Wholesale and Mall-branded pages to more than 10,000 fraudulent URLs. Reportedly, these mimic official retail portals but redirect visitors to phishing websites. Victims are then prompted to pay a deposit into a fake online wallet or purchase goods that do not exist.

Some operations pose as affiliate programme managers, distributing disguised malicious applications. Over 5,000 download sources have been identified, many of which employ embedded links or QR codes to evade detection, the report added. One notable threat, dubbed 'SparkKitty,' is capable of extracting data from Android and iOS devices, allowing attackers prolonged access even after the initial breach.

Because cryptocurrency transfers are irreversible, victims have little chance of recovering their losses. Scammers often deploy countdown timers or limited-time deals to create a sense of urgency, pushing targets to act without verifying authenticity. Analysis of the fraudulent domains reveals a reliance on inexpensive extensions such as .top, .shop, and .icu, which can be quickly purchased and deployed.

Security experts advise consumers to verify web addresses before making payments, ensure sites use secure HTTPS connections, and avoid unusually steep discounts. They also recommend sticking to standard payment methods, avoiding direct cryptocurrency transfers, and maintaining up-to-date antivirus software with real-time protection. Firewalls and vigilance, even on polished-looking platforms, remain essential in identifying and avoiding scams.


Express Tribune
12-08-2025
- Business
- Express Tribune
Fake TikTok shops linked to malware campaign targeting cryptocurrency
Cybercriminals are exploiting TikTok's shopping feature to distribute malware and steal funds from unsuspecting users. Reported by cybersecurity firm CTM360, the scheme involves fraudsters creating convincing imitations of legitimate e-commerce profiles, often using AI-generated content to bolster credibility.

These fake 'TikTok Shops' - also seen on Facebook - advertise steep discounts to lure potential buyers. Once users click through, they are redirected to phishing portals disguised as genuine retail sites. According to CTM360, more than 10,000 fraudulent URLs have been traced to TikTok Wholesale and Mall pages.

🚨 15,000+ fake TikTok Shop domains are being used in an AI-powered scam campaign dubbed ClickTok, blending phishing, malware, and crypto theft into one deceptive funnel. From trojanized apps and fake storefronts to AI-generated influencer videos and phishing pages, threat…
— Rhythm Jain (@cyphorX) August 5, 2025

The sites offer 'buy links' leading to fake payment pages, where victims, particularly younger audiences, are tricked into depositing funds into counterfeit online wallets or paying for non-existent products. Some operations go further, posing as affiliate management services and distributing malicious apps designed to compromise sellers' devices, as reported by TechRadar.

One identified strain, dubbed SparkKitty, has the capability to harvest sensitive information from both Android and iOS devices, enabling long-term surveillance and control. Investigators say over 5,000 malicious download sources - often spread via embedded links or QR codes - have been uncovered in connection with the campaign.

🚨ALERT: Fake TikTok Clones Target Crypto Users. Cyber firm CTM360 warns of 'FraudonTok': 15K+ fake TikTok sites & apps using AI deepfakes + SparkKitty malware to steal seed phrases. 🧠 Tip: Never store seed phrases on your phone.
— BeInCrypto (@beincrypto) August 8, 2025

The attackers frequently use high-pressure sales tactics, such as countdown timers and 'flash sales,' to prompt snap decisions. Many of the fraudulent sites operate under low-cost domain extensions like '.top', '.shop', and '.icu', allowing them to be set up quickly and inexpensively.

CTM360 urges users to verify web addresses before entering payment details, avoid direct cryptocurrency or wire transfers, and install robust security software to block malicious sites. 'Even professional-looking storefronts can conceal highly sophisticated scams,' CTM360 noted.


Tom's Guide
06-08-2025
- Business
- Tom's Guide
Hackers are using fake TikTok Shops to steal money and spread malware — don't fall for this
Be wary of deals on TikTok Shops that seem too good to be true – they may be malware in disguise. As reported by PCMag, there's currently a campaign making the rounds online where scammers use AI to imitate TikTok sellers and stores in order to trick users into clicking on malicious links or to convince users to send them cryptocurrency.

Cybersecurity firm CTM360 issued a report that uncovered a widespread campaign where threat actors have been capitalizing on the trust that users have in the TikTok brand so that they can hijack accounts, steal money or personal data or distribute malware. The threat actors are creating convincing replicas of TikTok Shop profiles, even including AI-generated videos, which makes users believe that they've landed on a legitimate page.

The campaign is also circulating ads on Facebook and TikTok in which they promise unusually large discounts on products in order to tempt victims as well as to redirect targets to fake versions of both TikTok Wholesale and TikTok Mall. CTM360 has found over 10,000 such fake URLs created to lure shoppers into giving up their login credentials, or to deposit cryptocurrency into fraudulent storefronts.

These threat actors have also leveraged the TikTok Shop affiliate management platform by creating a malicious app designed to take over accounts, steal personal information and even enable persistent device compromise. These bad apps are being distributed through embedded download links and QR codes; CTM360 says they have found more than 5,000 such download sites so far. According to The Hacker News, the malware that is being distributed through the malicious apps is SparkKitty, which can harvest data from either Android or iOS devices.

Victims of the fake affiliate program will be asked to pay in cryptocurrency or to deposit money into a fake on-site wallet and given promises that they will receive future commission payouts or bonuses which, of course, are never paid out.
When shopping online, it's good to follow a few hard and fast rules and the first one is always: If it seems too good to be true, it almost certainly is.

Be wary of any deals that use pressure or urgency in their tactics, making you feel like you need to act fast or putting an expiration date on a deal. Likewise, be suspicious of any site that doesn't take traditional payment methods and instead requests payments in gift cards, cryptocurrency wallets, iffy websites or links, or wants a bank account number or other banking information.

Double and triple check URLs to websites to see where they lead; scam sites will often use low cost domains. In the case of this campaign, many of the sites are using domains that end in .top, .shop or .icu. Keep in mind that official shops and affiliate programs are unlikely to reach out to you proactively to ask you to deposit money. And be careful with advertisements, as fake deals are incredibly easy to circulate around social media and we've seen all sorts of malicious ads used in a number of campaigns in recent years.

Finally, you want to make sure you have one of the best antivirus programs installed on your computer. Not only can they keep you safe from malware and viruses but many of them include features that will help protect you while browsing and shopping online like a hardened browser, or alerts that show up when you navigate to sites that have been reported as malicious, a firewall, or VPN.


Forbes
05-08-2025
- Forbes
TikTok Shop Password Warning Issued As ClickTok Hackers Strike
Security researchers have issued a warning about an ongoing hacking campaign, identified as ClickTok, which targets fake TikTok Shop login pages to harvest account passwords. The threat actors have, so far, been observed to have established 10,000 fake sites and 5,000 malicious apps during the campaign, which also distributes SparkKitty spyware to steal cryptocurrency wallets.

ClickTok Hackers Target TikTok Shop Customers

TikTok credential-stealing campaigns have been reported before, but ClickTok is deserving of your immediate attention as it adopts what the researchers called 'a hybrid scam model' combining both phishing and malware specifically targeting the rapidly growing TikTok Shop customer base. 'The scam begins with the impersonation of TikTok's commercial ecosystem, including TikTok Shop, TikTok Wholesale, and TikTok Mall,' the CTM360 security researchers said. These fake sites 'closely mimic the official interface, deceiving users into thinking they're interacting with the real platform.'

The CTM360 analysis, published August 5, revealed that the fake TikTok Shop sites are mostly using either free or very low-cost domains, including .top and .shop. But it's not just these sites that are being used; ClickTok hackers have also distributed more than 5,000 malware-laden apps using a combination of malicious QR codes and embedded download links. The researchers have warned that this scam campaign is 'spreading on a global scale' and targeting users even beyond the 17 countries in which the TikTok Shop is officially available, which include the U.S. and U.K., along with countries in Europe and Asia.

Mitigating TikTok Shop Hack Attacks

Users are recommended to take the following mitigation measures:

I have reached out for a statement regarding the TikTok Shop ClickTok attacks and will update this article in due course.