Cloned CapCut websites push information stealing malware

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/cloned-capcut-websites-push-information-stealing-malware/

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims.

CapCut is ByteDance's official video editor and maker for TikTok, supporting music mixing, color filters, animation, slow-mo effects, picture-in-picture, stabilization, and more.

It has over 500 million downloads on Google Play alone, and its website receives over 30 million hits monthly.

The application's popularity, combined with nationwide bans in Taiwan, India, and other places, has pushed users to seek alternative ways of downloading the program.

However, threat actors exploit this by creating websites that distribute malware disguised as CapCut installers.

The malicious websites were discovered by Cyble, which reports seeing two campaigns distributing different malware strains.

No specific information about how victims are directed on these sites was provided, but typically, threat actors use black hat SEO, search ads, and social media to promote the sites.

To stay safe from malware, download software directly from official sites rather than sites shared in forums, social media, or direct messages, and also make sure to avoid promoted results when searching for software tools on Google.

In this case, CapCut is available through capcut.com, Google Play (for Android), and the App Store (for iOS).

Cloned CapCut websites push information stealing malware

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims.

www.bleepingcomputer.com