- Fraudulent TikTok shops lead victims to fake portals designed to steal cryptocurrency and data
- The crooks imitate the profiles of trusted sellers and attract buyers with unrealistic discounts on popular platforms
- SparkKitty malware secretly collects sensitive data from devices, allowing unauthorized long-term monitoring and control
Cybercriminals now use TikTok shops to spread malware and steal funds from young users who have no distrust of the platform.
The campaign, revealed by CTM360 security experts, imitates the profiles of legitimate e-commerce sellers to build credibility, often using AI-generated content.
In addition to TikTok, these fake stores can also be found on Facebook, where their modus operandi is to advertise massive price reductions to attract potential victims.
Exploiting brand trust for profit
The main goal of these malicious actors is not only to defraud users, mainly in cryptocurrency, but also to deliver malicious software and steal login details.
Currently, pages for TikTok Wholesale and Mall have been linked to more than 10,000 fraudulent URLs of this type.
These URLs, which resemble official platforms, offer "purchase links" that redirect visitors to a criminal phishing portal.
Once users click the link and enter the portal, they are asked to pay a deposit into an online wallet or buy a product; the online wallet is fake and the product does not exist.
Some operations take the deception further by posing as an affiliate management service, pushing malicious applications disguised as tools for sellers.
More than 5,000 app download sources have been discovered, many of which use embedded links and QR codes to bypass traditional scrutiny.
One identified threat, known as SparkKitty, can collect data from Android and iOS devices.
It can allow long-term access to compromised devices, creating a continuing risk even after the initial infection.
The malware is often delivered through these fake affiliate applications, turning what seems to be a legitimate opportunity into a direct path to account takeover and identity theft.
Because cryptocurrency transactions are irreversible, victims have little recourse once the funds are transferred.
A common thread in the campaign is the use of pressure tactics, with countdown timers or limited-time discounts designed to force rapid decisions.
These tactics, although common in legitimate marketing, make it harder for users to stop and assess the authenticity of an offer.
Domain checks reveal many scam sites using inexpensive extensions such as .top, .shop or .icu, which can be purchased and deployed quickly.
How to stay safe
- Carefully check the website address before entering your payment information. Every detail of the address must match the legitimate domain.
- Make sure the site uses secure HTTPS encryption.
- If the price drop is too big, trust your gut and stay away.
- Do not let a countdown pressure you into paying; this pressure is a common tactic of malicious actors.
- Always insist on standard payment methods and avoid direct wire transfers or cryptocurrency, because these are harder to trace and often used in scams.
- Install and maintain a trusted security suite that combines robust antivirus protection with real-time browsing protection to block malware.
- Configure your firewall to actively monitor and filter network traffic, preventing unauthorized access and blocking suspicious connections before they reach your device.
- Pay close attention to alerts from reputable security programs, which can detect and warn you about known phishing sites or fraudulent activity in real time.
- Stay cautious even when you buy on professional-looking platforms, as well-designed storefronts can still hide sophisticated theft attempts.
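
The address checks described above (exact domain match, HTTPS, low-cost extensions) can be written as a small link-triage function. This is an added example, not code from CTM360 or the article; the official-domain allowlist and brand keyword are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumptions: allowlist and brand keyword are illustrative, not from the article.
OFFICIAL_DOMAINS = {"tiktok.com"}
BRAND_KEYWORDS = {"tiktok"}
# Low-cost extensions the article names as common on scam sites.
CHEAP_TLDS = {"top", "shop", "icu"}


def is_official(host):
    """True only for an official domain or a true subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage_url(url):
    """Return a sorted list of warning flags for a shopping link."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["unparseable"]
    flags = set()
    if parts.scheme.lower() != "https":
        flags.add("no-https")
    if parts.username is not None:
        # In https://brand.com@other-host/ the real host is what follows "@".
        flags.add("userinfo-in-url")
    if host.rsplit(".", 1)[-1] in CHEAP_TLDS:
        flags.add("cheap-tld")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.add("punycode-host")
    if not is_official(host):
        flags.add("not-official-domain")
        # Brand name in a host that is not the brand's own domain.
        if any(k in host for k in BRAND_KEYWORDS):
            flags.add("brand-lookalike")
    return sorted(flags)


# Constructed sample links (not real indicators).
SAMPLES = [
    "https://shop.tiktok.com/item/1",
    "http://tiktok-wholesale.constructed-sample.top/buy",
    "https://tiktok.com@seller-tools.constructed-sample.icu/login",
    "https://tiktok.com.constructed-sample.shop/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_url(link) or ["no flags"])
```

An empty result only means none of these checks fired; HTTPS and a clean extension do not make a site legitimate.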