Latest news with #ClickTok
Express Tribune
3 days ago
- Business
- Express Tribune
Fake TikTok shops linked to malware campaign targeting cryptocurrency
Cybercriminals are exploiting TikTok's shopping feature to distribute malware and steal funds from unsuspecting users. Reported by cybersecurity firm CMT360, the scheme involves fraudsters creating convincing imitations of legitimate e-commerce profiles, often using AI-generated content to bolster credibility. These fake 'TikTok Shops' - also seen on Facebook - advertise steep discounts to lure potential buyers. Once users click through, they are redirected to phishing portals disguised as genuine retail sites. According to CTM360, more than 10,000 fraudulent URLs have been traced to TikTok Wholesale and Mall pages. 🚨 15,000+ fake TikTok Shop domains are being used in an AI-powered scam campaign dubbed ClickTok, blending phishing, malware, and crypto theft into one deceptive funnel. From trojanized apps and fake storefronts to AI-generated influencer videos and phishing pages, threat… — Rhythm Jain (@cyphorX) August 5, 2025 The sites offer 'buy links' leading to fake payment pages, where victims, particularly younger audiences, are tricked into depositing funds into counterfeit online wallets or paying for non-existent products. Some operations go further, posing as affiliate management services and distributing malicious apps designed to compromise sellers' devices, as reported by TechRadar. One identified strain, dubbed SparkKitty, has the capability to harvest sensitive information from both Android and iOS devices, enabling long-term surveillance and control. Investigators say over 5,000 malicious download sources - often spread via embedded links or QR codes - have been uncovered in connection with the campaign. 🚨ALERT: Fake TikTok Clones Target Crypto Users Cyber firm CTM360 warns of 'FraudonTok' 15K+ fake TikTok sites & apps using AI deepfakes + SparkKitty malware to steal seed phrases. 🧠 Tip: Never store seed phrases on your phone. — BeInCrypto (@beincrypto) August 8, 2025 The attackers frequently use high-pressure sales tactics, such as countdown timers and 'flash sales,' to prompt snap decisions. Many of the fraudulent sites operate under low-cost domain extensions like '.top', '.shop', and '.icu', allowing them to be set up quickly and inexpensively. CMT360 urge users to verify web addresses before entering payment details, avoid direct cryptocurrency or wire transfers, and install robust security software to block malicious sites. 'Even professional-looking storefronts can conceal highly sophisticated scams,' CTM360 noted.
Forbes
05-08-2025
- Forbes
TikTok Shop Password Warning Issued As ClickTok Hackers Strike
Security researchers have issued a warning about an ongoing hacking campaign, identified as ClickTok, which targets fake TikTok Shop login pages to harvest account passwords. The threat actors have, so far, been observed to have established 10,000 fake sites and 5,000 malicious apps during the campaign, which also distributes SparkKitty spyware to steal cryptocurrency wallets. ClickTok Hackers Target TikTok Shop Customers TikTok credential-stealing campaigns have been reported before, but ClickTok is deserving of your immediate attention as it adopts what the researchers called 'a hybrid scam model' combining both phishing and malware specifically targeting the rapidly growing TikTok Shop customer base. 'The scam begins with the impersonation of TikTok's commercial ecosystem, including TikTok Shop, TikTok Wholesale, and TikTok Mall.,' the CTM360 security researchers said, These fake sites 'closely mimic the official interface, deceiving users into thinking they're interacting with the real platform.' The CTM360 analysis, published August 5, revealed that the fake TikTok Shop sites are mostly using either free or very low-cost domains, including .top and .shop. But it's not just these sites that are being used; ClickTok hackers have also distributed more than 5,000 malware-laden apps using a combination of malicious QR codes and embedded download links. The researchers have warned that this scam campaign is 'spreading on a global scale' and targeting users even beyond the 17 countries in which the TikTok Shop is officially available, which include the U.S. and U.K., along with countries in Europe and Asia. Mitigating TikTok Shop Hack Attacks Users are recommended to take the following mitigation measures: I have reached out for a statement regarding the TikTok Shop ClickTok attacks and will update this article in due course.
