Overview

• CTM360 confirms over 15,000 lookalike TikTok Shop sites hosted on low-cost TLDs are distributing phishing pages and trojanized apps.
• More than 5,000 malicious apps deploy a SparkKitty variant capable of device fingerprinting, OCR scanning for crypto seed phrases, and session token theft.
• Attackers lure victims outside TikTok Shop’s 17 official markets using AI-generated videos and fake influencer content in social ads.
• Security advisories from FinCEN and major outlets recommend verifying domains, avoiding unknown downloads, and reporting suspicious TikTok content.
• CTM360 urges users to adopt robust antivirus measures, manually validate URLs, and stay alert to evolving phishing and malware tactics.