According to BlockBeats, a recent report by security research firm CTM360 reveals a global cyberattack targeting TikTok Shop users, known as 'ClickTok.' The attackers have created over 10,000 counterfeit websites and 5,000 malicious applications, employing hybrid scam techniques to steal user account credentials and distribute SparkKitty spyware, aiming to access users' cryptocurrency wallets.
The campaign has expanded beyond the 17 countries where TikTok Shop is officially available. Attackers primarily use low-cost domains, such as .top and .shop, to set up phishing sites and spread malicious software through deceptive QR codes and download links.
Security experts advise users to access TikTok Shop through the official app, carefully verify website authenticity, and avoid downloading software from unknown sources.
