15,000+ Fake TikTok

A Sophisticated Hybrid Scam Uncovered

Cybersecurity researchers recently uncovered a large-scale phishing and malware campaign targeting TikTok Shop users, known as FraudOnTok (previously ClickTok). The operation involves over 15,000 fake domains impersonating TikTok Shop to spread malware and steal cryptocurrency.

These malicious websites are promoted using AI-generated influencer videos, fraudulent ads on Meta platforms, and deceptive affiliate links, creating the illusion of legitimacy while tricking users into downloading trojanized apps or submitting personal data.

The primary payload in this campaign is SparkKitty, an advanced cross-platform malware capable of screenshot analysis, clipboard scraping, and stealing crypto wallet seed phrases.

Key Threat Insights
  • 15,000+ typosquatted domains using TLDs like .top, .shop, and .icu
  • Social engineering via AI-generated video content
  • Trojanized TikTok Shop apps used to deliver malware
  • Double-layered scam using both phishing and malware in a single funnel
  • Targeting crypto users, especially those active on social commerce platforms
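
As an added illustration (not code from the researchers or from COE Security), the sketch below screens a feed of newly observed hostnames for the typosquatting pattern listed above. The brand token, legitimate suffix, digit-folding table, commerce words, threshold and sample hostnames are assumptions constructed for the example.

```python
import re

# Assumptions of this sketch: brand token, legitimate suffix, look-alike digit
# table, commerce words and threshold. The TLDs are the ones the list names.
BRAND = "tiktok"
LEGIT_SUFFIX = "tiktok.com"
CAMPAIGN_TLDS = {"top", "shop", "icu"}
COMMERCE_WORDS = ("shop", "mall", "store")
FOLD = str.maketrans("01357", "oiest")  # t1kt0k -> tiktok
# Constructed sample feed (not indicators from the campaign).
SAMPLE = ["tiktokshop-deals.top", "t1kt0k-mall.icu", "tikttok.shop",
          "shop.tiktok.com", "tiptop-bakery.shop", "tiktok-fanblog.net"]

def edit_distance(a, b):  # Levenshtein distance, two-row dynamic programming
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def brand_distance(token):
    """Smallest distance from BRAND to the token or to any brand-sized window."""
    n, best = len(BRAND), edit_distance(token, BRAND)
    for size in (n - 1, n, n + 1):
        for i in range(len(token) - size + 1):
            best = min(best, edit_distance(token[i:i + size], BRAND))
    return best

def score_domain(domain):
    """Return (score, reasons); hosts under the legitimate suffix score 0."""
    host = domain.strip().lower().rstrip(".")
    if host == LEGIT_SUFFIX or host.endswith("." + LEGIT_SUFFIX):
        return 0, ["legitimate host"]
    *labels, tld = host.split(".")
    tokens = [t.translate(FOLD) for lab in labels for t in re.split(r"[-_]", lab) if t]
    score, reasons = 0, []
    best = min((brand_distance(t) for t in tokens), default=99)
    if best <= 1:
        score, reasons = 2, ["brand string" if best == 0 else "one edit from brand"]
    if tld in CAMPAIGN_TLDS:
        score, reasons = score + 1, reasons + ["campaign TLD ." + tld]
    if any(word in t for t in tokens for word in COMMERCE_WORDS):
        score, reasons = score + 1, reasons + ["commerce keyword"]
    return score, reasons

def flag(domains, threshold=3):
    return [d for d in domains if score_domain(d)[0] >= threshold]
```

Calling flag(SAMPLE) keeps the three look-alike hosts and drops the legitimate subdomain, the unrelated .shop site and the brand mention on a non-campaign TLD; the reasons list is what an analyst would review before acting on a hit.
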

Why This Matters

This campaign signals a shift in cybercriminal strategies:

  • From phishing to full-scale impersonation of trusted platforms
  • From malware alone to hybrid attack chains (phishing + crypto theft)
  • From technical exploitation to social manipulation via AI-driven content

Organizations in e-commerce, retail tech, fintech, affiliate marketing, and influencer-driven platforms are especially vulnerable.

How COE Security Can Help

At COE Security, we help organizations defend against brand impersonation and multi-vector cyberattacks. Our team actively monitors evolving threats across social platforms, web domains, and digital marketplaces.

Our cybersecurity offerings for sectors impacted by this campaign include:

  • Brand Abuse & Domain Spoofing Detection
  • Affiliate & Ad Fraud Vetting Tools
  • AI-generated Content Monitoring for Phishing
  • Malware Risk Assessments and Endpoint Protection
  • Crypto Wallet and Web3 Security Hardening
  • Incident Response and Threat Containment
  • Phishing Simulation Training for Staff & Partners

Whether you’re a marketplace, influencer platform, SaaS vendor, or crypto-enabled fintech, we ensure your users and infrastructure remain protected.

Conclusion

The FraudOnTok operation exploiting TikTok Shop branding isn’t just a phishing scam. It’s a sophisticated convergence of malware, brand abuse, AI-generated fraud, and financial theft.

As adversaries become more creative, proactive digital threat monitoring and cross-platform visibility must become part of every organization’s cyber hygiene strategy.

About COE Security

COE Security is a trusted cybersecurity advisory and managed services firm protecting global organizations from evolving cyber threats. We work across sectors including e-commerce, retail tech, fintech, telecom, media, government, and Web3.

Our specialties include:

  • Cyber Threat Intelligence & Dark Web Monitoring
  • Malware & Endpoint Threat Mitigation
  • AI & Social Engineering Attack Prevention
  • Zero Trust Architecture & Compliance (ISO 27001, NIST CSF, GDPR)
  • Domain Abuse & Brand Protection
  • Web3 & Crypto Asset Security
  • Incident Response & Digital Forensics

From startups to multinational enterprises, we ensure your business stays resilient: beyond detection, toward prevention.

Follow COE Security for expert insights, real-time threat alerts, and tailored defense strategies.
