CTM360 has discovered a new global malware campaign dubbed "ClickTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds.
The spyware trojan discovered by CTM360 is specifically engineered to exploit TikTok Shop users across the globe.
Dubbed "ClickTok", this highly coordinated scam operation employs a hybrid scam model that combines phishing and malware to deceive buyers and affiliate program participants on TikTok's growing e-commerce platform.
In the ClickTok campaign, fake TikTok shops were identified that embed SparkKitty spyware, a variant closely resembling SparkCat, which Kaspersky had previously identified.
Once installed, it infiltrates the user’s device, accesses the photo gallery, and extracts screenshots that may contain cryptocurrency wallet credentials. What makes ClickTok unique is its simultaneous use of phishing and malware tactics, significantly increasing its impact and stealth.
The scam begins with the impersonation of TikTok’s commercial ecosystem, including TikTok Shop, TikTok Wholesale, and TikTok Mall. Threat actors create fake TikTok websites that closely mimic the official interface, deceiving users into thinking they’re interacting with the real platform.
Victims are lured into logging in and attempting to make purchases. During the checkout process, they are instructed to pay via cryptocurrency wallets.
Once payment is made, the trojanized app, embedded with SparkKitty spyware, covertly captures sensitive data, including wallet credentials, by reading screenshots and images stored on the device, ultimately enabling the theft of digital funds.
The Motive Behind ClickTok - A Hybrid Scam Structure
The attacker has two main objectives: