ClickTok Hackers Launch Large-Scale Attacks Targeting TikTok Shop Users

According to a report by Jinse Finance, security research firm CTM360 has revealed that a hacker campaign codenamed "ClickTok" is currently targeting TikTok Shop users worldwide. Attackers have set up over 10,000 phishing websites and 5,000 malicious applications, using hybrid scam tactics to steal user account credentials and spread the SparkKitty spyware, aiming to compromise users' cryptocurrency wallets. This campaign has expanded beyond the 17 countries officially covered by TikTok Shop. The attackers primarily use low-cost domains such as .top and .shop to create phishing sites, and distribute malicious programs through harmful QR codes and download links. Security experts advise users to access TikTok Shop only through the official app, carefully verify the authenticity of websites, and avoid downloading software from unknown sources.