Pro

Extreme price swings in wholesale electricity markets and growing concerns around grid instability are opening up new markets for energy storage. Batteries are now a critical solution to drive value for both capital and consumers.

Full PDF Report.

CTM360 has discovered a widespread ongoing malicious campaign specifically aimed at TikTok Shop users across the globe. Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users. The core tactic involves a deceptive replica of TikTok Shop that tricks users into thinking theyʼre interacting with a legitimate affiliate or the real platform. We have dubbed this Tiktok Shop scam campaign as “ClickTokˮ.

The ongoing TikTok Shop scam campaign employs multiple sophisticated tactics to target different users including end users (buyers), and TikTok Shop Affiliate Program participants on the platform. The Threat actors are using fake Meta ads and AI-generated TikTok videos that mimic influencers or official brand ambassadors.

A key element of the campaign involves lookalike domains that closely mimic legitimate TikTok URLs. These domains serve two main purposes: hosting phishing pages designed to steal user credentials and distributing trojanized apps. Once installed, these trojanized apps mimic TikTokʼs interface but covertly deploy a variant of the SparkKitty Spyware, enabling deep data exfiltration from compromised devices.

Key Findings on ClickTok Scam Campaign:

• The campaignʼs scope extends beyond TikTok Shop impersonation and includes fraudulent versions of TikTok Wholesale and TikTok Mall. Over 10,000 + impersonated websites have been identified to date, many hosted on dedicated spoofed domains.
• TikTok shop sites have been observed using free or low-cost top-level domains such as .top, .shop, and .icu etc.
• The threat actors distribute malicious App files through embedded download links and QR codes, with 5,000 distinct App download sites detected thus far.
• The campaign cryptocurrency wallet as the payment method, subsequently hijacks transactions to carry out fraud and steal digital funds.
• TikTok Shop is officially available in 17 countries, including the UK, US, Indonesia, and several in Europe and Asia; however, TikTok shop scams is rapidly increasing and spreading on a global scale, targeting users worldwide beyond these regions.

A string of hashtags has appeared on social media platforms using disinformation and promoting conspiracy theories about climate change. This analysis of interaction with these hashtags shows that they were mainly promoted by accounts linked to oil interests in Gulf countries. It also showed that this interaction coincided with international and regional events related to the climate issues, and was at odds with the stated positions of these countries, which claim to abide by international climate agreements.