Fake TikTok Shops tied to malware campaign targeting crypto users

(Web Desk): Cybercriminals are exploiting TikTok’s shopping feature to distribute malware and steal funds from unsuspecting users.

Reported by cybersecurity firm CMT360, the scheme involves fraudsters creating convincing imitations of legitimate e-commerce profiles, often using AI-generated content to bolster credibility.

These fake “TikTok Shops” - also seen on Facebook - advertise steep discounts to lure potential buyers. Once users click through, they are redirected to phishing portals disguised as genuine retail sites.

According to CTM360, more than 10,000 fraudulent URLs have been traced to TikTok Wholesale and Mall pages.

The sites offer “buy links” leading to fake payment pages, where victims, particularly younger audiences, are tricked into depositing funds into counterfeit online wallets or paying for non-existent products.

Some operations go further, posing as affiliate management services and distributing malicious apps designed to compromise sellers’ devices, as reported by TechRadar.

One identified strain, dubbed SparkKitty, has the capability to harvest sensitive information from both Android and iOS devices, enabling long-term surveillance and control.

Investigators say over 5,000 malicious download sources - often spread via embedded links or QR codes - have been uncovered in connection with the campaign.

The attackers frequently use high-pressure sales tactics, such as countdown timers and “flash sales,” to prompt snap decisions.

Many of the fraudulent sites operate under low-cost domain extensions like '.top', '.shop', and '.icu', allowing them to be set up quickly and inexpensively.

CMT360 urge users to verify web addresses before entering payment details, avoid direct cryptocurrency or wire transfers, and install robust security software to block malicious sites.

“Even professional-looking storefronts can conceal highly sophisticated scams,” CTM360 noted.