CTM360 has discovered a new global malware campaign dubbed "FraudOnTok" that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds.
The spyware trojan discovered by CTM360 is specifically engineered to target TikTok Shop users across the globe.
Dubbed “FraudOnTok”, this highly coordinated scam operation uses a hybrid model that combines phishing and malware to deceive buyers and affiliate-program participants on TikTok’s growing e-commerce platform.
In the FraudOnTok campaign, fake TikTok shops were found to embed SparkKitty spyware, a variant closely resembling SparkCat, which Kaspersky had previously identified.
Once installed, it infiltrates the user’s device, accesses the photo gallery, and extracts screenshots that may contain cryptocurrency wallet credentials. What makes FraudOnTok unique is its simultaneous use of phishing and malware tactics, significantly increasing its impact and stealth.
The scam begins with the impersonation of TikTok’s commercial ecosystem, including TikTok Shop, TikTok Wholesale, and TikTok Mall. Threat actors create fake TikTok websites that closely mimic the official interface, deceiving users into thinking they’re interacting with the real platform.
Victims are lured into logging in and attempting to make purchases. During the checkout process, they are instructed to pay via cryptocurrency wallets.
Once payment is made, the trojanized app embedded with SparkKitty spyware covertly captures sensitive data, including wallet credentials, by reading screenshots and images stored on the device, ultimately enabling the theft of digital funds.
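The first stage of the flow above relies on hostnames that impersonate TikTok Shop, TikTok Wholesale and TikTok Mall. As an added, defender-side example that is not CTM360's tooling or anything from the report, the script below screens a list of hostnames for that kind of brand impersonation: it treats only an allowlisted registrable domain as legitimate (here assumed to be `tiktok.com`), normalizes homoglyphs and digit substitutions, and flags any non-allowlisted host whose labels carry the brand token, or a one-edit variant of it. The hostnames in `SAMPLE_HOSTS` are constructed for illustration and are not indicators from the page.

```python
"""Lookalike-hostname screen for TikTok commerce brand impersonation.

Added example; not CTM360's code or indicators. The allowlist and the
sample hostnames are assumptions constructed for this demonstration.
"""
import unicodedata

BRAND = "tiktok"
# Registrable domains the defender trusts for the brand (assumption).
LEGIT_DOMAINS = {"tiktok.com"}

# Common confusables: Cyrillic letters that render like Latin ones, plus
# digit-for-letter substitutions seen in typosquats.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0456": "i", "\u04cf": "l",
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
}


def normalize_label(label: str) -> str:
    """Fold a DNS label to lowercase ASCII-ish letters for comparison."""
    label = label.lower()
    if label.startswith("xn--"):  # punycode label -> Unicode
        try:
            label = label.encode("ascii").decode("idna")
        except UnicodeError:
            pass
    label = unicodedata.normalize("NFKD", label)
    label = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    # Drop hyphens and combining marks so "tik-tok" and "tíktok" read as "tiktok".
    return "".join(ch for ch in label if ch.isalnum() and not unicodedata.combining(ch))


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def brand_distance(text: str) -> int:
    """Smallest edit distance between BRAND and any similar-length window of text."""
    best = len(BRAND)
    for size in (len(BRAND) - 1, len(BRAND), len(BRAND) + 1):
        for i in range(max(1, len(text) - size + 1)):
            best = min(best, levenshtein(text[i:i + size], BRAND))
    return best


def classify(hostname: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for one hostname."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unrelated"
    # Naive registrable domain (last two labels); production code would use
    # the public suffix list so "example.co.uk"-style names are handled.
    if ".".join(labels[-2:]) in LEGIT_DOMAINS:
        return "legitimate"
    # Every label left of the TLD is attacker-chosen on a non-allowlisted domain.
    folded = "".join(normalize_label(label) for label in labels[:-1])
    return "lookalike" if brand_distance(folded) <= 1 else "unrelated"


def flagged(hostnames) -> list:
    """Hostnames that impersonate the brand without being on the allowlist."""
    return [h for h in hostnames if classify(h) == "lookalike"]


SAMPLE_HOSTS = [  # constructed, not real indicators
    "shop.tiktok.com",
    "tiktok-shop-checkout.example",
    "tikt0k-mall.example",
    "tiktok.wholesale-pay.example",
    "tlktok.example",
    "t\u0456ktok.example",  # Cyrillic і (U+0456) in place of Latin i
    "example.org",
]

if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"{host:35} {classify(host)}")
```

The allowlist, not the brand string, decides legitimacy, so a subdomain such as `shop.tiktok.com` passes while any brand-bearing name on another registrable domain is surfaced for review. Feeding newly observed domains (certificate transparency feeds, proxy logs, customer-reported URLs) through `flagged` gives a cheap first filter before manual vetting.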
CTM360 has run a deep analysis of the FraudOnTok scam and published a detailed report on the trojan, covering how the SparkKitty spyware spreads via trojanized apps, phishing pages, and AI-powered scams.
The Motive Behind FraudOnTok - A Hybrid Scam Structure