According to online reports, the latest report from security research institute CTM360 shows that a hacking activity codenamed "ClickTok" is targeting TikTok Shop users on a global scale. Attackers have established more than 10,000 counterfeit websites and 5,000 malicious applications, using a hybrid fraud method to steal user account credentials and spread SparkKitty spyware, with the intention of stealing users 'cryptocurrency wallets. The event has been expanded beyond the 17 countries officially covered by TikTok Shop. Attackers mainly use low-cost domain names such as.top and.shop to build phishing websites and spread malicious programs through malicious QR codes and download links. Security experts advise users to visit TikTok Shop through official apps, carefully verify the authenticity of the website, and avoid downloading software from unknown sources.