Warnings on scam versions of TikTok which seek to distribute trojanised apps.
A malware campaign is targeting TikTok Shop users with an aim to steal credentials and distribute trojanised apps.
According to Hacker News, reporting on research by CTM360, threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users.
CTM360 said: "The core tactic involves a deceptive replica of TikTok Shop that tricks users into thinking they're interacting with a legitimate affiliate or the real platform."
Lookalike Domains
Central to the effort is the use of lookalike domains that resemble legitimate TikTok URLs, with over 15,000 impersonating websites identified to date. "The scam mimics legitimate TikTok Shop activity through fake ads, profiles, and AI-generated content, tricking users into engaging to distribute malware," the company noted.
"Fake ads are widely circulated on Facebook and TikTok, featuring AI-generated videos that mimic real promotions to attract users with heavily discounted offers."
Javvad Malik, lead security awareness advocate at KnowBe4, said: "This particular attack shows how technical attacks are more often than not blended with social engineering tactics to exploit our trust in brands. By leveraging AI-generated content, lookalike domains, and convincing social ads, criminals can tap into the human nature of curiosity and platform trust.
"It serves as a reminder that individuals and organisations need to remain sceptical of offers that appear too good to be true and verify websites before entering credentials. While technology can reduce the number of threats, it cannot completely eliminate them, which is why user vigilance remains an essential component for good security."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.