- Fraudulent TikTok stores are directing victims to fake portals designed to steal cryptocurrency and data
- Scammers mimic trusted seller profiles and lure shoppers with unrealistic discounts across popular platforms
- SparkKitty malware secretly collects sensitive data from devices, enabling prolonged unauthorized monitoring and control
Cybercriminals are now using TikTok stores to spread malware and steal funds from unsuspecting young users of the platform.
The campaign, revealed by security experts at CTM360, mimics the profiles of legitimate e-commerce sellers to build credibility, often using AI-generated content.
In addition to TikTok, these fake stores can also be found on Facebook, where their modus operandi is to advertise massive price cuts to lure potential victims.
Exploiting brand trust for gain
The main goal of these malicious actors is not only to scam users, mostly in cryptocurrency, but also to deliver malicious software and steal login information.
Currently, TikTok Wholesale and TikTok Mall have been linked to over 10,000 such fraudulent URLs.
These URLs, which resemble official platforms, offer "buy links" that redirect visitors to a criminal phishing portal.
When users click on the link and enter the portal, they are made to pay a deposit into an online wallet or buy a product; the online wallet is fake and the product does not exist.
Some operations take the deception further by posing as an affiliate management service and pushing malicious apps disguised as tools for sellers.
More than 5,000 app download sources have been uncovered, many using embedded links and QR codes to bypass traditional controls.
An identified threat known as SparkKitty is able to harvest data from both Android and iOS devices.
It can provide long-term access to compromised devices, creating ongoing risk even after the initial infection.
The malware is often delivered through these fake affiliate applications, turning what seems to be a legitimate opportunity into a direct path to account takeover and identity theft.
Since cryptocurrency transactions are irreversible, victims have little recourse once the funds are transferred.
A common thread in the campaign is the use of pressure tactics, with countdown timers or limited-time discounts designed to force quick decisions.
These tactics, although common in legitimate marketing, make it harder for users to pause and assess the authenticity of an offer.
Domain checks reveal that many of the scams use cheap extensions such as .top, .shop or .icu, which can be purchased and deployed quickly.
How to remain safe
- Be sure to check the site’s address carefully before entering your payment information. Every detail of the site must match the legitimate domain.
- Make sure the site uses secure HTTPS encryption.
- If the price reduction feels too good to be true, trust your gut and stay away.
- Do not allow a countdown timer to push you into making a payment; this pressure is a common tactic used by malicious actors.
- Always insist on standard payment methods and avoid direct wire transfers or cryptocurrency, as these are more difficult to trace and are often used in fraud.
- Install and maintain a trusted security suite that combines robust antivirus protection with real-time browsing protection measures to block malicious sites.
- Configure your firewall to actively monitor and filter network traffic, prevent unauthorized access and block suspicious connections before they reach your device.
- Pay attention to warnings from reputable security programs that can detect and warn you of well-known phishing sites or fraudulent activity in real time.
- Stay cautious even when shopping on professional-looking platforms, as well-designed shopping sites can still hide sophisticated attempts at theft.
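
The address checks described above (matching the legitimate domain, HTTPS, and the cheap extensions .top, .shop and .icu) can be automated to triage reported links. This is an added example, not code from the article or from CTM360; the allowlist, keyword list and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brand's official registrable domain(s); extend for your own brand.
LEGIT_DOMAINS = {"tiktok.com"}
BRAND_KEYWORDS = ("tiktok",)
# Cheap extensions named in the article.
CHEAP_TLDS = {"top", "shop", "icu"}


def triage_url(url):
    """Return the reasons a URL looks like brand impersonation (empty list = none)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return ["no hostname"]
    reasons = []
    # HTTPS is necessary but proves nothing by itself: phishing portals use it too.
    if parts.scheme != "https":
        reasons.append("not https")
    # Exact match or a true subdomain only, so "tiktok.com.<other>.top" and
    # "faketiktok.com" do not pass as the official domain.
    if any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS):
        return reasons
    if any(k in host for k in BRAND_KEYWORDS):
        reasons.append("brand name on non-official domain")
    tld = host.rsplit(".", 1)[-1]
    if tld in CHEAP_TLDS:
        reasons.append("cheap TLD ." + tld)
    return reasons


if __name__ == "__main__":
    # Constructed sample URLs, not real indicators.
    samples = [
        "https://www.tiktok.com/shop",
        "https://tiktok.com.wholesale.constructed-sample.top/buy",
        "http://seller-tools.constructed-sample.icu/app",
        "https://faketiktok.com/deal",
    ]
    for s in samples:
        print(s, "->", triage_url(s) or "no findings")
```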



