New TikTok Scam Uses AI Ads and Spyware to Trick Users
A massive scam campaign targeting TikTok Shop users is spreading globally, cybersecurity firm CTM360 has warned.
In a rush? Here are the quick facts:
- Over 10,000 fake TikTok Shop websites were discovered by CTM360.
- Scam apps contain SparkKitty spyware that steals data and images.
- Victims are targeted using AI-generated influencer-style ads.
The operation, known as “ClickTok,” uses phishing techniques together with malware to steal money, user credentials, as well as images from victims’ devices.
The scam operates through two main methods: deceiving users into visiting fake TikTok Shop websites, or tricking them into installing fake TikTok apps that carry malicious code.
CTM360 says, “The campaign’s scope extends beyond TikTok Shop impersonation and includes fraudulent versions of TikTok Wholesale and TikTok Mall.” So far, over 10,000 fake websites and 5,000 malicious app download links have been found.
The victims are reached via AI-generated advertisements on Meta platforms and TikTok, which mimic influencers and brand ambassadors. The fake sites and apps use lookalike domains registered under TLDs such as ‘.top’, ‘.shop’, or ‘.icu’ and include urgent product offers to pressure users into cryptocurrency payments.
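As an added illustration, not code from CTM360’s report, the following Python check flags lookalike TikTok Shop, Wholesale and Mall hostnames of the kind described above, paying special attention to the .top, .shop and .icu TLDs, and runs it over constructed sample ad-click URLs. Treating only tiktok.com as genuine is an assumption; the sample URLs are invented, not real indicators.

```python
from urllib.parse import urlparse

LEGIT_SUFFIXES = ("tiktok.com",)             # assumption: only tiktok.com is genuine
SUSPICIOUS_TLDS = (".top", ".shop", ".icu")  # TLDs named in the CTM360 findings


def hostname(url: str) -> str:
    """Return a lowercase hostname; tolerate URLs given without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower().rstrip(".")


def is_legit(host: str) -> bool:
    """True only for the genuine domain or one of its subdomains."""
    return any(host == s or host.endswith("." + s) for s in LEGIT_SUFFIXES)


def classify(url: str) -> str:
    """Label a URL as 'legit', 'lookalike', 'lookalike-suspicious-tld' or 'other'."""
    host = hostname(url)
    if not host:
        return "other"
    if is_legit(host):
        return "legit"
    # Collapse separators so 'tik-tok-mall.shop' and 'tiktok.com.evil.top'
    # both match the brand string even though neither is the real domain.
    if "tiktok" not in host.replace("-", "").replace(".", ""):
        return "other"
    if host.endswith(SUSPICIOUS_TLDS):
        return "lookalike-suspicious-tld"
    return "lookalike"


# Constructed sample ad-click URLs (not real indicators from the report).
SAMPLE_CLICKS = [
    "https://shop.tiktok.com/view/product/123",
    "https://tiktok-shop-deals.top/claim",
    "http://tiktokwholesale.icu/login",
    "https://tik-tok-mall.shop/pay",
    "https://example.com/sale",
]


def flagged(urls):
    """Return (url, label) pairs for every URL judged to be a lookalike."""
    return [(u, classify(u)) for u in urls if classify(u).startswith("lookalike")]


if __name__ == "__main__":
    for url, label in flagged(SAMPLE_CLICKS):
        print(f"{label:26} {url}")
```

A subdomain trick such as tiktok.com.evil.top is caught as well, because only the registrable suffix decides legitimacy.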
CTM360 notes that the goal is clear: “The TikTok Shop scam monetizes by tricking buyers and affiliate program participants into depositing money for products or commissions they’ll never receive.”
One version of the scam app mimics TikTok’s design but includes the SparkKitty spyware. This Trojan harvests login data, crypto wallet details, and images from the device gallery. It uses ‘hardcoded command-and-control servers’, making detection easier for researchers—but also confirming the app’s malicious intent. “The app initiates communication with a C2 domain […] where it requests an encrypted configuration file,” the report explains.
The worldwide growth of TikTok Shop has led to an increase in scams, ClickTok among them. Users should avoid suspicious links, be wary of AI-generated promotions, and never send cryptocurrency payments to unverified sellers.