Cybersecurity researchers have uncovered a widespread malicious campaign targeting TikTok Shop users worldwide, aimed at stealing credentials and distributing malicious applications. The cybersecurity firm CTM360 has named this operation ClickTok, highlighting how threat actors are exploiting the e-commerce platform through a dual strategy that combines phishing and malware.
An unsophisticated but highly effective scam
More than 15,000 domains that imitate legitimate TikTok URLs have been identified, many of them registered under top-level domains such as .top, .shop and .icu. These fake sites are designed to convince users that they are interacting with the official platform or with legitimate affiliates. The phishing pages lure users into depositing cryptocurrency at fraudulent stores by advertising discounts and products that do not exist.
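The lookalike-domain indicator above is the part of this campaign a defender can act on most directly. The following Python example is added here and is not code from the article or from CTM360: it triages candidate hostnames (for example from proxy or DNS logs) by checking for the TikTok brand string in a domain that is not on an allowlist, and for the abused TLDs the article names. The allowlist containing only tiktok.com, the character-substitution map and the sample hostnames are all constructed assumptions for the demonstration.

```python
"""Triage hostnames for TikTok-lookalike phishing domains (added defender example)."""
import re

# ASSUMPTION: the only registrable domain treated as legitimate here is tiktok.com.
# Extend this from your own asset inventory; it is not an official list.
LEGIT_REGISTRABLE = {"tiktok.com"}

# TLDs the article reports as heavily abused by the ClickTok campaign.
ABUSED_TLDS = {"top", "shop", "icu"}

BRAND = "tiktok"

# Constructed mapping of common typosquat substitutions (digit/letter swaps).
_SUBS = str.maketrans({"1": "i", "l": "i", "0": "o", "3": "e"})


def normalize(host: str) -> str:
    """Lower-case, drop separators and undo simple digit/letter swaps."""
    return re.sub(r"[-_.]", "", host.lower()).translate(_SUBS)


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels. Adequate for the generic TLDs used
    here; a production version should consult the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage(host: str) -> dict:
    """Return a verdict and the reasons behind it for one hostname."""
    host = host.lower().strip()
    reg = registrable_domain(host)
    tld = reg.rsplit(".", 1)[-1]

    # An allowlisted registrable domain wins regardless of subdomain labels.
    if reg in LEGIT_REGISTRABLE:
        return {"host": host, "verdict": "legitimate",
                "reasons": ["allowlisted registrable domain"]}

    # Brand check runs over the whole normalized host so that
    # "tiktok.com.<evil>.<tld>" style subdomain impersonation is caught too.
    brand_hit = BRAND in normalize(host)
    abused_tld = tld in ABUSED_TLDS

    reasons = []
    if brand_hit:
        reasons.append("brand string in non-allowlisted domain")
    if abused_tld:
        reasons.append(f"TLD .{tld} reported as abused")

    if brand_hit and abused_tld:
        verdict = "likely-lookalike"
    elif brand_hit:
        verdict = "suspicious"
    else:
        verdict = "unrelated"
    return {"host": host, "verdict": verdict, "reasons": reasons}


def triage_all(hosts) -> list:
    """Triage a batch of hostnames, e.g. distinct hosts pulled from proxy logs."""
    return [triage(h) for h in hosts]


# Constructed sample hostnames; none of these are indicators from the article.
SAMPLE_HOSTS = [
    "www.tiktok.com",
    "tiktok-shop-deals.top",
    "t1ktokshop.icu",
    "tiktok.com.login-verify.shop",
    "tiktokshop-affiliate.net",
    "example.org",
]

if __name__ == "__main__":
    for result in triage_all(SAMPLE_HOSTS):
        print(f"{result['verdict']:16} {result['host']:32} {'; '.join(result['reasons'])}")
```

The verdicts are deliberately coarse: "likely-lookalike" is a candidate for blocking or user notification, "suspicious" for analyst review, and the allowlist check runs first so that legitimate subdomains of tiktok.com never trip the brand rule. The two-label registrable-domain heuristic is the weak point; swap in a Public Suffix List based parser before relying on this against country-code second-level domains.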
At the heart of the campaign is a malicious application carrying malware known as SparkKitty. This malware can collect data from Android and iOS devices and analyze cryptocurrency wallets. Users who install the application are prompted to enter their login credentials; the login then fails and redirects them to an alternative sign-in through Google.
In addition, a separate phishing operation targeting users of Meta Business Suite has been identified, using fake emails that warn of policy violations. The U.S. Department of the Treasury's Financial Crimes Enforcement Network has urged financial institutions to remain vigilant for suspicious activity involving convertible virtual currency kiosks, as criminals continue to exploit new technologies to carry out fraud.