Malware deployed in massive TikTok Shop scam

More than 15,000 fraudulent websites impersonating TikTok Shop have been leveraged to facilitate the deployment of information- and cryptocurrency-stealing malware, as well as spyware, as part of the global ClickTok scam campaign, Cybernews reports.

Threat actors have been using malicious ads to redirect users to a counterfeit version of TikTok Shop, which either seeks visitors' login credentials or lures them into downloading a TikTok-impersonating app laced with the SparkKitty spyware, according to an analysis from cybersecurity firm CTM360. Aside from enabling covert account hijacking by evading typical login protections, the bogus TikTok Shop sites have also been tricking targets into making payments in Tether or other cryptocurrencies, with victims being shown a spurious earnings dashboard listing their supposed cryptocurrency transactions, said CTM360 researchers. The researchers noted that the continued evolution in attackers' techniques has ensured persistent bypass of security systems. TikTok Shop users have been advised to be wary of websites using the '.shop', '.top', and '.icu' extensions, as well as apps from third-party stores and deals that are too good to be true.

