TikTok Shop Scams: 15,000+ Fake Domains Used to Steal Logins, Crypto, and Data

In an alarming development in the world of cybercrime, over 15,000 fake TikTok Shop domains have been uncovered in a sprawling scam operation targeting unsuspecting users across the globe. Bahrain-based cybersecurity firm CTM360 has dubbed the campaign “FraudOnTok”, highlighting the sophisticated blend of phishing, malware, and AI-powered deception behind it.

At the heart of the scam is a highly convincing impersonation of TikTok Shop, the popular e-commerce platform embedded within the TikTok app. Scammers are creating lookalike domains that mirror TikTok’s URLs—mostly using lesser-known top-level domains like .shop, .top, and .icu. These domains then host phishing pages or push bogus apps disguised as influencer storefronts.

🎬 AI-Generated Videos & Meta Ads Fuel the Attack

The threat actors behind FraudOnTok are deploying AI-generated videos that mimic TikTok influencers and brand ambassadors, along with paid ads on platforms like Meta and TikTok itself. These realistic videos advertise fake products at eye-catching discounts, luring users into clicking links that lead to phishing sites or downloading trojan apps.

📲 The Malware Behind the Curtain

A disturbing element of this campaign is the use of a cross-platform malware called SparkKitty. Once installed, SparkKitty can harvest sensitive information from both Android and iOS devices—from login credentials to stored crypto wallet data.

According to CTM360, at least 5,000 URLs are specifically designed to push malware-disguised apps by presenting them as legitimate TikTok Shop tools. Victims are duped into downloading these apps, believing they are managing orders or engaging with sellers, when in reality their data is being siphoned off.

💸 Crypto Theft & Fake Storefronts

The scheme doesn’t stop at credentials and spyware. Many of these phishing pages are also targeting cryptocurrency holders. By mimicking TikTok Shop’s layout and offering fake deals, scammers trick users into depositing crypto into fraudulent wallets—never to see it again.

🛑 How to Protect Yourself

CTM360 warns users to stay vigilant:

Double-check links before clicking—especially if it seems like an unusually good deal.

Avoid downloading apps from unofficial links, even if they’re advertised in slick TikTok videos.

Verify influencer promotions by checking the authenticity of the account and URL.

Be cautious of domains ending in .icu, .top, or .shop, especially when it comes to login or payment pages.

Use multi-factor authentication on your TikTok and crypto-related accounts

⚠️ Cautionary advice
Flashy videos can absolutely be traps. This attack isn’t just phishing—it’s a coordinated assault using AI, advertising platforms, malware, and crypto fraud. As scammers grow more sophisticated, cyber hygiene is no longer optional—it’s essential.

Stay safe. Stay skeptical.