FraudOnTok

CTM360 has identified a global malicious campaign dubbed FraudOnTok, targeting TikTok Shop users and affiliates. Threat actors use fake Meta ads, AI-generated videos, and lookalike domains to trick victims into phishing sites and trojanized app downloads.
‍
Over 10,000 fake sites and 5,000+ malicious apps have been detected, many distributing the SparkKitty spyware, enabling data theft from compromised devices.
‍
The campaign bypasses traditional payment flows by hijacking transactions via crypto wallets, expanding beyond TikTok’s official markets into a worldwide threat. CTM360 continues to monitor and takedown these threats in real time.