Large-scale fraud operations use fake TikTok Shop websites and mobile apps to target users all over the world. The campaign relies on AI-generated content and cloned TikTok branding to trick people into handing over personal information and sending cryptocurrency.
Security researchers report over 15,000 websites designed to look like TikTok Shop, TikTok Mall, or TikTok Wholesale. These sites display polished visuals, fake reviews, and branding that closely mimics the official TikTok service. Victims often arrive through sponsored ads on TikTok, Facebook, Telegram, or WhatsApp. Many of the ads show familiar faces and steep product discounts; although persuasive, they appear to be manufactured.
Some users are asked to log in to these fake storefronts. Others are asked to download mobile apps that look identical to TikTok. Once installed, the app behaves like the genuine one but runs spyware in the background. This spyware, called SparkKitty, collects personal data and sends it to an external server under attacker control.

The app is distributed through links and QR codes, not through official app stores. Researchers have discovered over 5,000 separate sites offering these downloads.
The login pages on these sites may display an error after the user enters their credentials. The app then asks the user to sign in with Google instead. This flow hands the attackers a token that grants access to the account without them ever needing the user's original password.
The fraud extends to direct financial theft. Victims are often asked to send payments in cryptocurrency through wallet pages built into the fake stores. Some stores show dashboards with fabricated earnings and encourage victims to deposit additional funds in the belief that they are receiving payouts. These balances are fake, and no money is ever returned.
Scammers use domain extensions such as .shop, .top, and .icu to build these networks. Such domains are cheaper to register and less likely to trigger automated alerts. This tactic also lets the campaign reach regions where TikTok Shop is not officially available.
Researchers emphasize that TikTok's actual platform and affiliate program are operated through the official tiktok.com domain. Sites that demand payment in advance, request login details outside the official apps, or promote offers that seem unrealistic should be treated with suspicion.
The scope of this operation shows how attackers exploit users' trust in familiar brands. The tools involved, malware, cloned websites, and spoofed identities, are built to avoid detection and scale quickly. The scam remains active, and new variants continue to appear.
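As an added illustration (not part of the article or any vendor's tooling), the advice above can be turned into a small triage check: only tiktok.com and its subdomains count as official, and hostnames carrying the brand name on the cheap extensions the report names are flagged. The lookalike-spelling pattern, the category names and the sample ad URLs below are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "tiktok.com"
# Cheap TLDs the report says the campaign relies on.
SUSPICIOUS_TLDS = {"shop", "top", "icu"}
# Brand token plus a few assumed lookalike spellings (t1ktok, tik-tok, ...).
BRAND_PATTERN = re.compile(r"t[i1l]k[-_.]?t[o0]k", re.IGNORECASE)


def is_official(host: str) -> bool:
    """True only for tiktok.com itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def classify(url: str) -> str:
    """Return 'official', 'suspicious', 'lookalike' or 'unknown' for a URL or bare host."""
    if "://" not in url:
        url = "http://" + url  # allow bare hostnames
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    if is_official(host):
        return "official"
    tld = host.rsplit(".", 1)[-1]
    brand_hit = BRAND_PATTERN.search(host) is not None
    if brand_hit and tld in SUSPICIOUS_TLDS:
        return "suspicious"   # brand name on a cheap extension, e.g. tiktok-mall.icu
    if brand_hit:
        return "lookalike"    # brand name, but not under tiktok.com
    return "unknown"


# Constructed sample links, of the kind seen in sponsored ads; not real indicators.
SAMPLE_URLS = [
    "https://shop.tiktok.com/",
    "https://tiktok-mall.icu/wallet",
    "http://t1ktok-wholesale.top/app.apk",
    "https://tiktok.com.login-verify.shop/",
    "https://faketiktok.com/",
    "https://example.org/",
]


def triage(urls):
    """Return (url, verdict) pairs for every link that is not official and not unknown."""
    return [(u, v) for u in urls if (v := classify(u)) in ("suspicious", "lookalike")]


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS):
        print(f"{verdict:10} {url}")
```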
Note: This post was edited/created using GenAI tools.
