15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Briefly

A malicious campaign is targeting TikTok Shop users globally to steal credentials and distribute trojanized apps. This dual attack strategy employs phishing and malware, primarily through a deceptive replica of TikTok Shop. Over 15,000 impersonated websites have been identified, mostly on top-level domains like .top, .shop, and .icu. These phishing landing pages aim to steal user credentials and distribute a variant of SparkKitty malware. Some pages lure users into crypto deposits by advertising fake products. The scam uses fake ads, profiles, and AI-generated content to engage users and spread malware.
Threat actors are exploiting TikTok's official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users.
Over 15,000 such impersonated websites have been identified to date. The vast majority of these domains are hosted on top-level domains such as .top, .shop, and .icu.
The scam mimics legitimate TikTok Shop activity through fake ads, profiles, and AI-generated content, tricking users into engaging with it so that the malware can be distributed.
CTM360 said it identified no fewer than 5,000 URLs set up to get users to download the malware-laced app by advertising it as TikTok Shop.
Read at The Hacker News