- Fraudulent TikTok stores lead victims to fake portals designed to steal cryptocurrency and data
- Scammers imitate the profiles of trusted vendors and lure buyers with unrealistic discounts on popular platforms
- SparkKitty malware secretly collects confidential data from devices, allowing long-term unauthorized surveillance and control
Cybercriminals are now using TikTok stores to spread malware and steal funds from young users of the platform.
The campaign, revealed by security experts at CTM360, mimics the profiles of legitimate e-commerce sellers to build credibility, often using AI-generated content.
In addition to TikTok, these fake stores can also be found on Facebook, where their modus operandi is to advertise massive price cuts to attract potential victims.
Exploiting brand trust for profit
The main objective of these malicious actors is not only to defraud users, mainly of cryptocurrency, but also to deliver malicious software and steal login details.
So far, TikTok Wholesale and Mall pages have been linked to more than 10,000 fraudulent URLs of this type.
These URLs, which look like official platforms, offer “buy links” that redirect visitors to a criminal phishing portal.
Once users click the link and enter the portal, they are made to pay a deposit into an online wallet or buy a product; the online wallet is fake and the product does not exist.
Some operations take the deception further by posing as an affiliate management service, pushing malicious applications disguised as seller apps.
More than 5,000 app download sources have been discovered, many using embedded links and QR codes to avoid traditional scrutiny.
One identified threat, known as SparkKitty, can harvest data from both Android and iOS devices.
It can allow long-term access to compromised devices, creating a continuous risk even after the initial infection.
The malware is often delivered through these fake affiliate applications, turning what seems to be a legitimate opportunity into a direct route to account takeover and identity theft.
Because cryptocurrency transactions are irreversible, victims have little recourse once the funds are transferred.
A common thread in the campaign is the use of pressure tactics, with countdown timers or limited-time discounts designed to force fast decisions.
These tactics, although common in legitimate marketing, make it difficult for users to pause and evaluate the authenticity of an offer.
Domain checks reveal that many of the scam sites use low-cost extensions such as .top, .shop or .icu, which can be bought and deployed rapidly.
How to stay safe
- Be sure to check the website address carefully before entering your payment information. Every detail of the website must match the legitimate domain.
- Make sure the site uses secure HTTPS encryption.
- If the price cut feels too huge, trust your gut and stay away.
- Do not let a countdown timer pressure you into making the payment; this pressure is a common tactic of malicious actors.
- Always insist on standard payment methods and avoid direct bank transfers or cryptocurrency, since they are more difficult to trace and are often used in scams.
- Install and maintain a reliable security suite that combines robust antivirus protection with real-time browsing safeguards to block malicious websites.
- Set up your firewall to actively monitor and filter network traffic, preventing unauthorized access and blocking suspicious connections before they reach your device.
- Pay close attention to alerts from reputable security programs, which can detect and warn you about known phishing sites or fraudulent activity in real time.
- Stay cautious even when buying on professional-looking platforms, as well-designed storefronts can still hide sophisticated theft attempts.
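
The address check from the list above can be automated when triaging reported "buy links". The following is an added example, not code from CTM360 or the article; the official domain `tiktok.com`, the brand keyword, the reason codes and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not taken from the article):
OFFICIAL_DOMAINS = {"tiktok.com"}   # the only domain treated as genuine
BRAND = "tiktok"                    # brand keyword impersonators reuse
# Low-cost extensions the article names.
CHEAP_TLDS = {"top", "shop", "icu"}
# Fold common character swaps before looking for the brand name.
LOOKALIKES = str.maketrans({"0": "o", "1": "i", "-": None})


def triage(url):
    """Return reason codes explaining why a 'buy link' should not be trusted."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no-hostname"]
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    # "https://real.example@other.example/" really goes to other.example.
    if parts.username is not None:
        reasons.append("userinfo-before-host")
    # Genuine only if the host is the official domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return reasons
    reasons.append("unofficial-domain")
    if BRAND in host.translate(LOOKALIKES):
        reasons.append("brand-lookalike")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode-label")
    if host.rsplit(".", 1)[-1] in CHEAP_TLDS:
        reasons.append("low-cost-tld")
    return reasons


# Constructed sample links, not real indicators.
SAMPLES = [
    "https://www.tiktok.com/shop",
    "http://tiktok-mall-example.top/buy",
    "https://tiktok.com@wallet-example.icu/pay",
    "https://t1kt0k-deals-example.shop/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage(link) or "no findings")
```

An empty result only means none of these checks fired; HTTPS and a matching domain do not by themselves prove that a seller is legitimate.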