Security firm CTM360 has uncovered a sophisticated malware operation targeting TikTok's e-commerce ecosystem. Dubbed 'ClickTok,' the hybrid attack combines fake shops and trojanized apps to deploy SparkKitty spyware, harvesting cryptocurrency credentials through screenshot theft. The campaign has already spawned over 10,000 impersonated domains and 5,000 malicious app instances.