Fraudsters Target Crypto Users on TikTok with New Scheme

In addition to infecting devices, the attackers deploy fake marketplaces that are visually identical to the official TikTok Shop, TikTok Wholesale, and TikTok Mall platforms. Users are convinced to log in and make purchases, and at the payment stage, they are asked to deposit funds through cryptocurrency wallets. Payment is accepted in USDT or Ethereum, but instead of purchasing goods, funds are redirected directly to the criminals' addresses.

According to CTM360, over 5,000 malicious applications distributed via TikTok and aimed at stealing cryptocurrency have already been identified. These programs often disguise themselves as harmless services or advertising applications, but their main goal is access to the victim's financial information.

The danger of the scheme is aggravated by the fact that TikTok is used not only for entertainment, but also as a platform for e-commerce. Users, trusting familiar interfaces, do not always notice the substitution of the site or suspicious behavior of the application. As a result, even experienced cryptocurrency owners can lose funds if they do not recognize the threat in time.

Not only SparkKitty and FraudOnTok pose a danger. Previously, experts from Check Point recorded a large-scale campaign called JSCEAL. It was aimed at owners of cryptocurrency assets and used fake versions of more than 50 popular applications, including Binance, MetaMask, and Kraken. Victims downloaded malware thinking they were installing official apps, but ended up giving access to their funds to attackers.

Experts recommend that TikTok and cryptocurrency users be especially careful: do not install apps from unverified sources, carefully check website addresses, and avoid entering wallet data on platforms that raise even the slightest doubt. In conditions where scammers are increasingly using hybrid attack methods, even one mistake can cost significant financial losses.