Fake TikTok Apps Spread Malware in Sophisticated Social Engineering Campaign

A new wave of sophisticated social engineering attacks is exploiting TikTok's popularity through counterfeit applications and AI-generated content, security analysts report. The multi-pronged campaign, active since early 2025, combines several concerning trends in cybercrime: AI-generated influencers, fake limited-time offers, and mobile malware that evades standard detection mechanisms.

The malware, identified as SparkKitty, operates through seemingly legitimate TikTok clone applications distributed via third-party app stores and phishing links. These apps promise exclusive features like 'verified creator status' or 'TikTok Pro tools' to entice users into downloading them. Once installed, SparkKitty employs multiple persistence mechanisms:

What makes this campaign particularly effective is its use of AI-generated 'verified' profiles that mimic popular creators. These profiles post comments on genuine TikTok videos, luring users to external sites. Cybersecurity firm DarkTide observed over 120 such fake profiles promoting the malicious apps last month alone.

Protection Recommendations:

The campaign appears to be the work of an established cybercrime group previously involved in banking trojan distribution. Its infrastructure shows connections to earlier operations targeting Brazilian and Spanish banking customers. With TikTok's continued growth, experts warn similar campaigns will likely increase in sophistication and frequency.