Reported by cybersecurity firm CMT360, the scheme involves fraudsters creating convincing imitations of legitimate e-commerce profiles, often using AI-generated content to bolster credibility.
These fake “TikTok Shops” – also seen on Facebook – advertise steep discounts to lure potential buyers. Once users click through, they are redirected to phishing portals disguised as genuine retail sites.
According to CTM360, more than 10,000 fraudulent URLs have been traced to TikTok Wholesale and Mall pages.
🚨 15,000+ fake TikTok Shop domains are being used in an AI-powered scam campaign dubbed ClickTok, blending phishing, malware, and crypto theft into one deceptive funnel.
From trojanized apps and fake storefronts to AI-generated influencer videos and phishing pages, threat… pic.twitter.com/46Zi1Gritp
— Rhythm Jain (@cyphorX) August 5, 2025
The sites offer “buy links” leading to fake payment pages, where victims, particularly younger audiences, are tricked into depositing funds into counterfeit online wallets or paying for non-existent products.
Some operations go further, posing as affiliate management services and distributing malicious apps designed to compromise sellers’ devices, as reported by TechRadar.
One identified strain, dubbed SparkKitty, has the capability to harvest sensitive information from both Android and iOS devices, enabling long-term surveillance and control.
Investigators say over 5,000 malicious download sources – often spread via embedded links or QR codes – have been uncovered in connection with the campaign.
🚨ALERT: Fake TikTok Clones Target Crypto Users
Cyber firm CTM360 warns of “FraudonTok” 15K+ fake TikTok sites & apps using AI deepfakes + SparkKitty malware to steal seed phrases.
🧠 Tip: Never store seed phrases on your phone. pic.twitter.com/fpPIYzG9pa
— BeInCrypto (@beincrypto) August 8, 2025
The attackers frequently use high-pressure sales tactics, such as countdown timers and “flash sales,” to prompt snap decisions.
Many of the fraudulent sites operate under low-cost domain extensions like ‘.top’, ‘.shop’, and ‘.icu’, allowing them to be set up quickly and inexpensively.
CMT360 urge users to verify web addresses before entering payment details, avoid direct cryptocurrency or wire transfers, and install robust security software to block malicious sites.
“Even professional-looking storefronts can conceal highly sophisticated scams,” CTM360 noted.