Menu

Shocking! Over 10,000 fake TikTok and Facebook shops used to spread malware and steal cryptocurrency: Report

Cybersecurity researchers have reportedly uncovered a large-scale campaign in which cybercriminals are using TikTok Shops to distribute malware and defraud users, particularly younger customers.

AI-generated content used to mimic real sellers

According to TechRadar, security analysts at CTM360 found that the perpetrators impersonate legitimate e-commerce sellers, often employing AI-generated content to bolster their credibility. The scam is not confined to TikTok, similar fraudulent storefronts have been detected on Facebook, where enticing advertisements offering steep discounts are used to lure victims, noted the publication.

The aim is reportedly twofold: to steal cryptocurrency payments and to compromise personal information through malicious software. Investigators have linked TikTok Wholesale and Mall-branded pages to more than 10,000 fraudulent URLs.

Reportedly, these mimic official retail portals but redirect visitors to phishing websites. Victims are then prompted to pay a deposit into a fake online wallet or purchase goods that do not exist.

Malicious apps disguised as affiliate tools

Some operations pose as affiliate programme managers, distributing disguised malicious applications. Over 5,000 download sources have been identified, many of which employ embedded links or QR codes to evade detection, the report added. One notable threat, dubbed “SparkKitty,” is capable of extracting data from Android and iOS devices, allowing attackers prolonged access even after the initial breach.

Because cryptocurrency transfers are irreversible, victims have little chance of recovering their losses. Scammers often deploy countdown timers or limited-time deals to create a sense of urgency, pushing targets to act without verifying authenticity.

Analysis of the fraudulent domains reveals a reliance on inexpensive extensions such as .top, .shop, and .icu, which can be quickly purchased and deployed.

Security precautions for online shoppers

Security experts advise consumers to verify web addresses before making payments, ensure sites use secure HTTPS connections, and avoid unusually steep discounts. They also recommend sticking to standard payment methods, avoiding direct cryptocurrency transfers, and maintaining up-to-date antivirus software with real-time protection. Firewalls and vigilance, even on polished-looking platforms, remain essential in identifying and avoiding scams.

Related Posts

Back To Top
the Ivy

The Ivy is our flagship newsletter delivered 3x per week (Mon, Wed, Fri) with a focus on investments that can stand the test of time. Investors who seek undervalued companies, passive income, or top-rated ETFs will find The Ivy to be the definitive financial newsletter.

the Burst

If you trade the markets seeking to find the next growth stock, The Burst was created for you. In this newsletter (delivered Tue/Thu), we spotlight companies that are changing the world as well as cryptocurrencies and blockchain projects disrupting the status quo.

the Spotlight

In our weekly Spotlight newsletter, we shine a light on “stand-out” companies that have high potential. You will also find an assortment of “big picture” topics covered, from economic insights to stock market outlook.

the Daily

We aggregate some of the best up to date investing stories and news from around the web and deliver it to you each day in The Daily.

Enter your email to join the tens of thousands of traders and investors already taking advantage of the complimentary Summa Money newsletters


© Summa Money 2025
Powered by WordPressThemify WordPress Themes