BlockBeats reports that on August 5, security research agency CTM360 released a new report indicating that a hacking campaign codenamed 'ClickTok' is globally targeting TikTok Shop users. Attackers have established over 10,000 counterfeit websites and 5,000 malicious applications, using mixed fraud tactics to steal user account credentials and spread SparkKitty spyware, intending to steal users' cryptocurrency wallets.
The campaign has expanded beyond the 17 countries officially covered by TikTok Shop. Attackers primarily use low-cost domain names (such as .top and .shop) to create phishing sites and spread malware through malicious QR codes and download links.
Security experts advise users to access TikTok Shop through the official app, carefully verify the authenticity of websites, and avoid downloading software from unknown sources.