{"id":344145,"date":"2025-08-05T08:00:00","date_gmt":"2025-08-05T15:00:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=392166"},"modified":"2025-08-05T08:27:49","modified_gmt":"2025-08-05T15:27:49","slug":"be-careful-with-tiktok-links-because-they-could-be-used-to-steal-your-data","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/be-careful-with-tiktok-links-because-they-could-be-used-to-steal-your-data\/","title":{"rendered":"Be careful with TikTok links, because they could be used to steal your data"},"content":{"rendered":"\n<p>Cybersecurity researchers have uncovered a widespread malicious campaign targeting TikTok Shop users worldwide, aimed at stealing credentials and distributing malicious applications. <strong>The cybersecurity firm CTM360 has named this operation ClickTok, highlighting how threat actors are exploiting the e-commerce platform through a dual strategy that combines phishing and malware<\/strong>.<\/p>\n\n\n<h2 class=\"wp-block-heading\">A not very sophisticated scam, but very effective<\/h2>\n\n\n<p>More than 15,000 domains that imitate legitimate TikTok URLs have been identified, many of them hosted on top-level domains such as .top, .shop, and .icu. <strong>These fake sites are designed to deceive users into believing they are interacting with the official platform or legitimate affiliates<\/strong>. Phishing pages lure users into depositing cryptocurrencies in fraudulent stores by offering discounts and non-existent products.<\/p>\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Dancing for the Devil: The 7M TikTok Cult | Official Trailer | Netflix\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/-CCG5RXbtwc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n<p>The heart of this campaign involves the use of a malicious application that contains malware known as SparkKitty. This malware has the ability to collect data from Android and iOS devices, as well as analyze cryptocurrency wallets. <strong>Users who download this application are led to enter their login credentials, only to face failures that redirect them to an alternative login through Google<\/strong>.<\/p>\n\n\n<p>In addition, another type of phishing targeting users of Meta Business Suite has been identified, through fake emails alerting about policy violations. <strong>The U.S. Department of the Treasury&#8217;s Financial Crimes Enforcement Network has urged financial institutions to remain vigilant against suspicious activities related to convertible virtual currency kiosks<\/strong>, as criminals continue to exploit innovative technologies to carry out fraud.<\/p>\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"TikTok\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-s\/p\/25d01a14-3485-42e7-a253-e5050ac51dd1\/1217029392\/tik-tok-Download-Tiktok.jpg\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">TikTok<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/tik-tok.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\">DOWNLOAD<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/tik-tok.softonic.com\/android\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have discovered a wide-ranging malicious campaign targeting TikTok Shop users worldwide, aimed at stealing credentials and distributing malicious applications. The cybersecurity firm CTM360 has named this operation ClickTok, highlighting how threat actors are exploiting the e-commerce platform through a dual strategy that combines phishing and malware. A not very sophisticated scam, but very effective. More than 15,000 domains that mimic legitimate TikTok URLs have been identified, many of them hosted on top-level domains like .top, .shop, and [&#8230;]<\/p>\n","protected":false},"author":9318,"featured_media":344146,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015,11143],"tags":[14636,14637,14638,5605,14639,14640,1068,1627,2303,14641,14642],"usertag":[],"vertical":[],"content-category":[7176,6869],"class_list":["post-344145","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-softwaresecurity","tag-icu","tag-shop","tag-aplicacion-maliciosa","tag-ciberseguridad","tag-clicktok","tag-ctm360","tag-google","tag-malware","tag-tiktok","tag-u-s-department-of-the-treasurys-financial-crimes-enforcement-network","tag-url-legitimas","content-category-seguridad-privacidad","content-category-streaming-videos"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/344145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9318"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=344145"}],"version-history":[{"count":2,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/344145\/revisions"}],"predecessor-version":[{"id":344158,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/344145\/revisions\/344158"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/344146"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=344145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=344145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=344145"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=344145"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=344145"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=344145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}