15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Cybersecurity researchers have lifted the veil on a widespread malicious campaign that's targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. "Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users," CTM360 said. "The core tactic involves a deceptive replica of TikTok Shop that tricks users into thinking theyʼre interacting with a legitimate affiliate or the real platform." The scam campaign has been codenamed ClickTok by the Bahrain-based cybersecurity company, calling out the threat actor's multi-pronged distribution strategy that involves Meta ads and artificial intelligence (AI)-generated TikTok videos that mimic influencers or official brand ambassadors. Central to the effort is the use of lookalike domains that resemble legitimate TikTok URLs. Over 15,000 such impersonated websites have been identified to date. The vast majority of these domains are hosted on top-level domains such as .top, .shop, and .icu. These domains are designed to host phishing landing pages that either steal user credentials or distribute bogus apps that deploy a variant of a known cross-platform malware called SparkKitty that's capable of harvesting data from both Android and iOS devices. What's more, a chunk of these phishing pages lure users into depositing cryptocurrency on fraudulent storefronts by advertising fake product listings and heavy…Read More