A massive cyberattack campaign has been discovered targeting TikTok Shop users. Security researchers have found over 15,000 fake domains that are being used to trick users into downloading malware and stealing their cryptocurrency. This campaign, named “ClickTok” by cybersecurity firm CTM360, is one of the largest TikTok-related scams seen to date.

The attackers are creating websites that look like the official TikTok Shop but with slightly altered domain names. These fake websites use top-level domains such as .top, .shop, .store, .online, and .site to confuse users into thinking they are on a genuine platform. Visitors to these sites are taken to pages that mimic real login or shopping interfaces.
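The naming pattern described above can be checked mechanically when reviewing proxy or DNS logs. The following Python triage function is an added example, not code from CTM360 or the original article: it flags hostnames that imitate the TikTok brand and marks those on the TLDs listed above. The `tiktok.com` allowlist, the character-swap table, the 0.8 similarity threshold and the sample hostnames are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

CAMPAIGN_TLDS = {"top", "shop", "store", "online", "site"}  # TLDs named in the article
OFFICIAL_DOMAINS = {"tiktok.com"}  # assumption: your allowlist of genuine domains
BRAND = "tiktok"
THRESHOLD = 0.8  # assumption: similarity cut-off, tune against your own traffic
# Constructed, non-exhaustive table of character swaps undone before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i", "l": "i", "3": "e", "5": "s"})


def looks_like_brand(token):
    """True if a hostname token contains the brand or a near-miss spelling of it."""
    norm = token.translate(HOMOGLYPHS)
    if BRAND in norm:
        return True
    n = len(BRAND)
    for size in (n - 1, n, n + 1):  # slide brand-sized windows over the token
        for start in range(max(1, len(norm) - size + 1)):
            window = norm[start:start + size]
            if len(window) < n - 1:
                continue  # too short to be a meaningful near-miss
            if SequenceMatcher(None, window, BRAND).ratio() >= THRESHOLD:
                return True
    return False


def classify(hostname):
    """Return 'official', 'unrelated', 'lookalike' or 'lookalike-campaign-tld'."""
    labels = hostname.lower().rstrip(".").split(".")
    # Simplification: last two labels as the registrable domain (no public suffix list).
    if ".".join(labels[-2:]) in OFFICIAL_DOMAINS:
        return "official"
    # Check every label except the TLD, so brand-as-subdomain tricks are caught too.
    tokens = [t for label in labels[:-1] for t in re.split(r"[^a-z0-9]+", label) if t]
    if not any(looks_like_brand(t) for t in tokens):
        return "unrelated"
    return "lookalike-campaign-tld" if labels[-1] in CAMPAIGN_TLDS else "lookalike"


# Constructed sample hostnames, e.g. as pulled from proxy or DNS logs.
SAMPLES = ["shop.tiktok.com", "tiktok-shop.top", "tikt0kshop.store", "titkok-shop.site",
           "tiktok.com.account-verify.online", "tiktokshop-login.net", "bookshop.store"]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:36} {classify(host)}")
```

A production version would resolve the registrable domain with a public suffix list rather than taking the last two labels.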

To make the scam more convincing, the hackers are using AI-generated TikTok videos and running paid ads through Meta platforms like Facebook and Instagram. These fake ads often feature AI avatars or content that looks like it was made by real influencers. Their goal is to convince people to click, thinking they are seeing a real TikTok Shop promotion.

When someone clicks on the ad or link, they’re sent to a phishing page that either asks for login details or encourages the user to download a fake TikTok app. This fake app is not safe—it’s a trojan that behaves like TikTok but actually contains hidden malware. This malicious software secretly spies on the device.

The malware in this case is called SparkKitty, which is a new variant of another spyware family known as SparkRat or SparkCat. Once installed, SparkKitty can take screenshots, record activity, and even read sensitive information from the screen. It’s particularly dangerous because it can detect and extract data from screenshots that contain things like crypto wallet seed phrases.

This malware also fingerprints the device, collecting technical data like the operating system, IP address, and location. This allows the attacker to uniquely identify and track the infected device. All of this data is sent silently back to the hacker’s servers without the user knowing.

One of the main aims of the ClickTok campaign is to steal cryptocurrency. Many of the fake websites tell users they’ve won an offer or discount and ask them to top up a wallet using crypto. Some are even targeting affiliate marketers by offering fake commission payments or rewards in exchange for deposits.

Researchers found that over 5,000 of these scam websites were focused specifically on stealing crypto. Once the money is sent, it goes directly to the attacker’s wallet, and the victim never receives what was promised. There is no refund or recovery option in such cases.

The campaign is still active, and thousands of new domains are being registered regularly. These scams are spreading fast because they use AI-generated content that looks very real, and many users don’t realize they’re being tricked until it’s too late.

Security experts from CTM360 are advising users to be extra cautious. They recommend that people only download apps from official app stores, avoid clicking on suspicious ads, and always check URLs carefully before entering any personal or financial information.

It’s also important to install antivirus or security tools that can detect malware like SparkKitty. Users should never save crypto seed phrases in screenshots or unprotected files on their devices, as these can easily be captured by spyware.

This attack is a clear reminder that cybercriminals are using new AI tools and social media trends to launch more advanced and realistic scams. As TikTok Shop continues to grow, it’s becoming a bigger target for cybercrime. Staying alert and verifying everything before trusting it is the best defense right now.

Stay alert, and keep your security measures updated!
