Hackers Exploit Fake TikTok Shops to Steal Funds and Spread Malware — Stay Alert


The Rise of Malware Scams on TikTok Shops

TikTok has become a popular platform for both social interaction and online shopping, but with its growing popularity comes an increase in cyber threats. Users are being warned to be cautious of deals that seem too good to be true, as they could be hiding malicious intent. Cybersecurity experts have identified a campaign where scammers use artificial intelligence to mimic legitimate TikTok sellers and stores, luring users into clicking on malicious links or sending cryptocurrency.

A report by the cybersecurity firm CTM360 revealed a widespread campaign where threat actors exploit the trust users place in the TikTok brand. These actors create convincing replicas of TikTok Shop profiles, complete with AI-generated videos, making it difficult for users to distinguish between real and fake pages. This tactic is not limited to TikTok alone; the campaign also spreads through Facebook and TikTok ads, offering unusually large discounts to entice victims.

The scammers redirect users to fake versions of TikTok Wholesale and TikTok Mall. According to CTM360, over 10,000 fake URLs have been created to trick shoppers into providing their login credentials or depositing cryptocurrency into fraudulent storefronts. These fake sites often use low-cost domains, such as .top, .shop, or .icu, which can be a red flag for users.

In addition to creating fake websites, threat actors have also exploited the TikTok Shop affiliate management platform. They have developed a malicious app designed to take over accounts, steal personal information, and even enable persistent device compromise. These apps are distributed through embedded download links and QR codes, with more than 5,000 such download sites identified so far.

The malware associated with these malicious apps is known as SparkKitty, which can harvest data from both Android and iOS devices. Victims of the fake affiliate program are often asked to pay in cryptocurrency or deposit money into a fake on-site wallet, with promises of future commission payouts or bonuses that never materialize.

How to Stay Safe Online

When shopping online, it's essential to follow some basic rules to protect yourself from scams. The first and most important rule is: if it seems too good to be true, it probably is. Be wary of any deals that use pressure or urgency in their tactics, making you feel like you need to act fast or putting an expiration date on a deal.

Another important step is to be suspicious of any site that doesn't accept traditional payment methods. If a site asks you to pay with gift cards, through a cryptocurrency wallet, or via iffy websites, or asks for bank account numbers or other banking information, it could be a scam.

Double-check the URLs of websites you visit to ensure they lead to legitimate sources. Scam sites often use low-cost domains, so look out for unusual endings like .top, .shop, or .icu. Official shops and affiliate programs are unlikely to reach out to you proactively to ask for deposits, so be cautious of any unexpected messages.
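The URL check described above can be automated over links pulled from messages, ads, or proxy logs. The following is an added example, not code from CTM360 or the original article; it assumes tiktok.com is the only official domain, and every sample URL is constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: only tiktok.com is treated as official here; extend as needed.
OFFICIAL_DOMAINS = {"tiktok.com"}
# TLDs the article names as common on the fake storefronts.
LOW_COST_TLDS = {"top", "shop", "icu"}
BRAND = "tiktok"

# Constructed sample URLs (not real indicators).
SAMPLES = [
    "https://www.tiktok.com/shop",
    "https://tiktok.com.mall-login.top/signin",   # official name used as a subdomain
    "tiktok-wholesale.shop/deal",                 # pasted without a scheme
    "https://tiktok.com@discount-store.icu/",     # official name in the userinfo part
    "https://example.org/",
]


def host_of(url):
    """Return the lowercased hostname, tolerating URLs pasted without a scheme."""
    if "://" not in url:
        url = "//" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_official(host):
    """True only for an official domain or a subdomain of one (label-boundary match)."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage(url):
    """Return the reasons a URL looks like a brand-impersonating storefront."""
    host = host_of(url)
    if not host or is_official(host):
        return []
    reasons = []
    if BRAND in host.replace("-", ""):
        reasons.append("brand name on a non-official domain")
    if host.rsplit(".", 1)[-1] in LOW_COST_TLDS:
        reasons.append("low-cost TLD")
    return reasons


def flagged(urls):
    """Map each suspicious URL to its reasons; clean URLs are omitted."""
    return {u: r for u in urls if (r := triage(u))}
```

Matching on the parsed hostname rather than the raw string is what keeps `tiktok.com.mall-login.top` and `tiktok.com@discount-store.icu` from passing as official.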

Be careful with advertisements, as fake deals are easy to circulate on social media. Many campaigns have used malicious ads in recent years, so always verify the legitimacy of any offer before proceeding.

Finally, make sure you have one of the best antivirus programs installed on your computer. These programs not only protect against malware and viruses but also include features like hardened browsers, alerts for malicious sites, firewalls, and VPNs to enhance your online security.

By staying informed and vigilant, you can protect yourself from the growing threat of malware scams on platforms like TikTok. Always remember to think critically about any online offers and take necessary precautions to safeguard your personal information and financial assets.
