A new cybercriminal campaign has set up a fake CapCut website to disseminate two information-stealer malware strains. CapCut is a video editing application that allows users to customise their videos.
However, the application has been banned in several countries, notably India and Taiwan, so users in those countries have been searching for other ways to obtain CapCut.
Threat actors have pounced on the opportunity and built websites that offer a fake CapCut application. Researchers suspect these actors used search ads, black-hat SEO and social media to gain traction and advertise their malicious websites.
Moreover, the threat actors allegedly utilised several domains to distribute information-stealing malware strains to victims’ systems.
The fake CapCut websites distribute two stealer malware strains that harvest information from deceived victims.
The first malware the group serves from the fake CapCut website is the Offx Stealer. The site infects a visitor once they press the download button on the page. The stealer is packaged with PyInstaller and runs only on Windows 8, 10 and 11.
Once the download completes and the file is run, it displays a fake error message claiming that the app failed to launch. Meanwhile, the Offx Stealer keeps running in the background without the user's knowledge or consent.
The malware could steal credentials and cookies from web browsers and target stored data in Telegram, Discord, remote access software products, and well-known cryptocurrency wallet applications.
The other malware on the CapCut website is the Redline Stealer. The site offers a RAR archive containing a batch script that, once the user opens it, executes a PowerShell script. The PowerShell script then decompresses, decrypts and loads a .NET executable together with the Redline Stealer malware. In addition, the same fake CapCut website hosts the BatLoader malware strain.
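As an added example that is not from the article or the researchers it cites, the following Python rule flags the batch-to-PowerShell loader chain just described when run over process-creation events (Sysmon Event ID 1 style). The event field names, the sample events and the keyword list are assumptions made for this example.

```python
"""Flag a PowerShell process launched by a batch script whose command line
combines decoding, decompression and in-memory .NET assembly loading.
Event field names and sample data are constructed for this example."""
import re

# Behaviours a loader of this kind typically chains together.
# Keyword choice is an assumption; a production rule would be tuned.
SUSPICIOUS = {
    "decode":     re.compile(r"frombase64string|-enc(odedcommand)?\b", re.I),
    "decompress": re.compile(r"gzipstream|deflatestream|decompress", re.I),
    "load":       re.compile(r"reflection\.assembly\]::load|\biex\b", re.I),
}

def is_powershell(image):
    return image.lower().rsplit("\\", 1)[-1] in ("powershell.exe", "pwsh.exe")

def is_batch_parent(parent_cmdline):
    # cmd.exe started to run a .bat/.cmd file, e.g. 'cmd /c install.bat'
    return re.search(r"\.(bat|cmd)(\"|\s|$)", parent_cmdline, re.I) is not None

def score_event(ev):
    """Return the names of the suspicious behaviours matched by one event."""
    if not is_powershell(ev["image"]) or not is_batch_parent(ev["parent_cmdline"]):
        return []
    return [name for name, rx in SUSPICIOUS.items() if rx.search(ev["cmdline"])]

def find_loader_chains(events, min_hits=2):
    """(pid, behaviours) for batch-spawned PowerShell hitting >= min_hits behaviours."""
    return [(ev["pid"], score_event(ev)) for ev in events
            if len(score_event(ev)) >= min_hits]

# Constructed sample events; not indicators from the real campaign.
SAMPLE_EVENTS = [
    {"pid": 4100, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_cmdline": r'cmd.exe /c "C:\Users\alice\Downloads\CapCut\install.bat"',
     "cmdline": "powershell -nop -w hidden -c $b=[Convert]::FromBase64String($d);"
                "$s=New-Object IO.Compression.GZipStream($m,'Decompress');"
                "[Reflection.Assembly]::Load($out)"},
    {"pid": 4200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_cmdline": r"cmd.exe /c build.bat",
     "cmdline": "powershell -File deploy.ps1"},          # benign build step
    {"pid": 4300, "image": r"C:\Windows\explorer.exe",
     "parent_cmdline": "userinit.exe", "cmdline": "explorer.exe"},
]

if __name__ == "__main__":
    for pid, hits in find_loader_chains(SAMPLE_EVENTS):
        print(f"pid {pid}: batch -> PowerShell loader chain ({', '.join(hits)})")
```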
This ongoing malware distribution campaign, which combines social engineering lures with sophisticated deployment tactics, could infect millions. Users should refrain from downloading apps from unknown or sketchy sources and download only from official websites. Lastly, avoid downloading from advertised search results on Google, especially for software tools.