TikTok Shop Scammers Strike: The ClickTok Campaign Steals Credentials and Cryptocurrency
Cybersecurity researchers have exposed the “ClickTok” scam targeting TikTok Shop users globally. By combining phishing and malware tactics, scammers trick users with fake ads and AI-generated content, leading them to trojanized apps or phishing pages. These cunning cybercriminals aim to swipe credentials and cryptocurrency, all in the name of financial gain.
Hot Take:
It looks like TikTok Shop users are getting more than just trendy trinkets in their shopping carts – they’re also scoring a side of digital deceit and a sprinkle of malware! Who knew shopping for the latest dance challenge swag could come with a complimentary lesson in cybersecurity? Welcome to the new age of shopping, where everything is discounted, including your dignity. Keep those credentials close as you scroll, folks!
Key Points:
– A malicious campaign named ClickTok is targeting TikTok Shop users with phishing and malware attacks.
– Over 15,000 lookalike domains have been created to mimic TikTok’s official URLs.
– The campaign uses AI-generated videos and fake ads to lure users into downloading trojanized apps.
– SparkKitty malware is deployed to steal credentials and harvest data from both Android and iOS devices.
– A related campaign dubbed CyberHeist Phish targets corporate online banking users through Google Ads.