Different information-stealing malware strains have been distributed in separate campaigns leveraging websites masquerading as the TikTok video editor CapCut, according to BleepingComputer.
Threat actors behind the first campaign used fraudulent CapCut sites to facilitate the delivery of the Offx Stealer with a PyInstaller-compiled binary on Windows 8, 10, and 11 devices, a Cyble report showed. Execution of Offx Stealer would enable the exfiltration of web browser passwords and cookies and certain file types, as well as data in cryptocurrency wallet apps, messaging apps, and remote access software.
On the other hand, the second campaign involved the deployment of a batch script-containing file that would prompt a PowerShell script that would then facilitate the delivery of the RedLine stealer and a .NET executable. While RedLine would enable data theft, the other payload would ensure that the stealer remains undetected on the impacted systems.
All fraudulent websites including capcut-freedownload[.]com, capcutfreedownload[.]com, capcut-editor-video[.]com, capcutdownload[.]com, and capcutpc-download[.]com have already been disrupted and users have been urged to download CapCut from legitimate channels to avoid compromise.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news