CTM360 Media Center

CTM360 uncovers “FraudOnTok,” a TikTok Shop scam campaign using phishing sites, fake Meta ads, and trojanized APKs to deploy SparkKitty spyware

A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries.

CTM360’s BaitTrap report exposes a widespread scam network using fake news websites to promote fraudulent investments via platforms like Trap10 and Eclipse Earn.

Explore how info-stealer malware quietly breaches systems, steals sensitive data, and evades detection. Learn practical defenses for individuals and businesses.

Cairo, Egypt – Fawry, Egypt’s leading fintech company, has partnered with CTM360, a globally recognized leader in Digital Risk Protection, to strengthen its cybersecurity capabilities and protect its digital ecosystem from evolving online threats. The collaboration is a key step in Fawry’s commitment to strengthening its digital defenses and ensuring a safer online experience for its customers and partners.

According to a new report from CTM360, the attackers didn’t need to break down the door, they were invited in through misplaced trust and weak identity safeguards.

The campaign uses fake Google ads and advanced filtering techniques to steal sensitive login credentials and bypass MFA.

CTM360 has observed a notable surge in two SMS-based phishing campaigns: PointyPhish (reward scams) and TollShark (toll payment scams). PointyPhish is linked to over 3,000 domains and phishing sites, preying on urgency by claiming expiring reward points to trick customers into fraudulent sites that steal payment details

Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing over sensitive details like passwords and security codes (OTP).

CTM360’s latest report breaks down the UK retail ransomware campaign and offers specific mitigation steps across all stages of the attack chain.

CTM360 uncovers CyberHeist Phish, a campaign that mimics corporate banking logins to steal credentials and bypass 2FA with real-time interaction.

CTM360 reveals the Meta Mirage campaign—a global phishing threat targeting Meta Business Suite accounts with fake alerts and impersonation tactics.