A new crypto scam is taking off, as thousands of fake TikTok clones are infecting their users with malware. These apps appear normal using counterfeit profiles and AI-generated content while stealing user seed phrases.
A cybersecurity firm documented at least 15,000 impersonated websites with lookalike domains, but it’s unclear how widespread the campaign has been. Hackers use the SparkKitty malware, which is a recent invention.
TikTok Clones Scam Crypto Users
Social media has been a popular vector for crypto scams, and new attack methods are impacting TikTok. In previous years, deepfake impersonation videos and fake meme coins represented the worst criminal enterprises on the platform. Now, however, new reports suggest that the technology is getting more insidious.
In what CTM360, a cybersecurity firm, is calling “FraudonTok,” websites are using TikTok’s branding to advertise malware scams.
The lure for these operations comes through sponsored ads on the genuine platform and other social media apps. From there, users are directed to download new apps with TikTok’s branding.
On the surface, these scam apps run just like TikTok itself. The criminals even employ fake profiles, ads, and AI-generated deepfakes to maintain the realistic experience.
However, the apps work to run phishing operations and steal wallet information. CTM360 identified around 15,000 of these fake platforms.
A Sophisticated Operation
The exact details of the malware reveal valuable information about the criminals’ abilities. Specifically, these fake TikTok clients employ SparkKitty, a scam malware first created in the last three months.
SparkKitty is an upgraded form of earlier malware protocols, so these criminals are using state-of-the-art software tools.
On fake TikTok apps, SparkKitty works the same way it has in other recent scams. It finds access to scan a phone for any possible hint of the victim’s seed phrase or other compromising information and directs the phone towards the criminals.
Hackers can then employ their own discretion to act, passively collecting data before executing a real theft.
Still, the standard cybersecurity measures apply here, and they should keep users safe. If you are already a TikTok user, any new app with its branding is probably a scam.
Don’t keep seed phrases on your phone under any circumstances. Exercise caution with your personal information, and you should remain safe.
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
