Is your TikTok Shop still safe? AI + fake apps + phishing pages: the new "ClickTok" scam is targeting your crypto wallet.
Have you ever wondered if your TikTok is safe? Security research agency CTM360 recently released a report indicating that a scam named "ClickTok" is targeting global TikTok Shop users through an intertwined attack chain involving artificial intelligence (AI), malware, and social engineering, with the primary goal of stealing users' crypto assets. In just a few weeks, investigators have tracked over 15,000 spoofed domains and 5,000 malicious download links, with the scale and precision of the attacks setting new records.

How the new "ClickTok" lures TikTok Shop users

The report states that hackers first replicate the TikTok Shop interface on domains using TLDs such as .top, .shop, and .icu, and then use AI-generated ads and short videos that mimic well-known influencers or brands to guide victims into clicking links like "Great Discounts" and "Limited Time Offers." After users enter wallet information on what appears to be an official page, their assets are transferred directly to an address controlled by the attackers.

A more covert step is to trick users into downloading fake mobile apps. These apps often hide backdoors that wait for the hackers' next command after installation, or quietly open browser tabs in the background to collect further browser and fingerprint data in preparation for the subsequent theft of user assets.
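The lookalike-domain pattern described above (TikTok Shop clones on .top, .shop, and .icu) can be hunted for in DNS or proxy logs. The following is an added example, not code from CTM360 or from this article; the allowlist, the character-swap table, the function names, and every sample hostname are assumptions constructed for illustration.

```python
import re

BRAND = "tiktok"                       # brand being impersonated
WATCHED_TLDS = {"top", "shop", "icu"}  # TLDs named in the report
OFFICIAL = {"tiktok.com"}              # assumed allowlist; extend with verified domains
# Digit/letter swaps common in lookalike labels (illustrative, not exhaustive)
LOOKALIKE = str.maketrans({"0": "o", "1": "i", "l": "i"})


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return 'high', 'medium' or None for one hostname."""
    labels = host.lower().rstrip(".").split(".")
    # Naive registrable domain (last two labels); production code should
    # use the Public Suffix List instead.
    if ".".join(labels[-2:]) in OFFICIAL:
        return None
    brand_like = False
    for label in labels[:-1]:  # every label except the TLD, so subdomain tricks count
        for token in re.split(r"[-_]", label.translate(LOOKALIKE)):
            if BRAND in token or edit_distance(token, BRAND) == 1:
                brand_like = True
    if not brand_like:
        return None
    return "high" if labels[-1] in WATCHED_TLDS else "medium"


def scan(hosts):
    """Map each flagged hostname to its severity."""
    return {h: s for h in hosts if (s := classify(h))}


# Constructed sample hostnames, as they might appear in DNS or proxy logs
SAMPLE = [
    "shop.tiktok.com", "tiktok-shop-deals.top", "t1kt0k-mall.icu",
    "tiktoc-sale.shop", "tiktok.com.account-verify.top",
    "tiktok-fans.example.net", "garden-tools.shop",
]

if __name__ == "__main__":
    for host, severity in scan(SAMPLE).items():
        print(f"{severity:6} {host}")
```

Punycode (xn--) labels are not decoded here, so internationalized lookalikes need a separate check.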
The complete path from phishing to implanting malware

Behind the spoofed pages, the key component is SparkKitty. CTM360 points out that hackers spread SparkKitty through at least 5,000 URLs. Once installed, SparkKitty activates Optical Character Recognition (OCR) functions and scans the screenshots on users' phones for mnemonic phrases, private keys, and other data. As soon as such private data is identified, SparkKitty encrypts it and sends it to a remote server controlled by the hackers.

At the same time, if victims attempt to log in with their email, hackers prevent the login and then guide them to use their Google account instead. During this process, attackers hijack users' OAuth session tokens, directly gaining control of the account and bypassing MFA verification.

"ClickFix" further expands the attack surface

It is worth mentioning that another attack script, "ClickFix," has added new firepower to this type of scam. In this method, hackers embed fake CAPTCHAs in the pages; when users click, the website copies malicious JavaScript code to the clipboard and guides victims to paste it into the local terminal or the Windows Run dialog box. This action can install remote access trojans (RATs) and keyloggers, such as AsyncRAT, Lumma Stealer, and DarkGate, allowing attackers to maintain long-term control over victims' devices, screens, keyboards, and crypto wallet activities.

Because this process is packaged as "common browser operations," many victims follow it without suspicion. Hackers further combine it with AI-generated content, upgrading traditional phishing into a hybrid scam that implants malware without requiring downloads, making it difficult to defend against.

Personal asset protection strategy

For ordinary users, multi-layered defense remains the best strategy.
First, before downloading any shopping app or plugin, be sure to compare it with official announcements or store pages; when financial transactions are involved, it is advisable to use hardware or cold wallets and enable multi-factor authentication. Second, install trusted security software and keep automatic updates enabled, which can block new trojan variants in time. Finally, when faced with promotions like "AI Smart Investment" or "Guaranteed High Returns," verify them directly with platform customer service or professional communities to avoid falling into traps due to personal greed.

"ClickTok" integrates AI disguise, social engineering, and malware into an unprecedented attack matrix, reminding investors and consumers once again that the convenience and the risks of the digital economy coexist. Only by developing a security mindset and establishing multi-layered protection can one safeguard crypto assets and personal data in the rapidly changing scam battlefield.

This article was first published in BlockTempo, the most influential blockchain news media.