Cloned CapCut websites push information stealing malware

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,505
A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims.

CapCut is ByteDance's official video editor and maker for TikTok, supporting music mixing, color filters, animation, slow-mo effects, picture-in-picture, stabilization, and more.

It has over 500 million downloads on Google Play alone, and its website receives over 30 million hits monthly.

The application's popularity, combined with nationwide bans in Taiwan, India, and other places, has pushed users to seek alternative ways of downloading the program.

However, threat actors exploit this by creating websites that distribute malware disguised as CapCut installers.

The malicious websites were discovered by Cyble, which reports seeing two campaigns distributing different malware strains.

No specific information about how victims are directed on these sites was provided, but typically, threat actors use black hat SEO, search ads, and social media to promote the sites.
To stay safe from malware, download software directly from official sites rather than sites shared in forums, social media, or direct messages, and also make sure to avoid promoted results when searching for software tools on Google.

In this case, CapCut is available through capcut.com, Google Play (for Android), and the App Store (for iOS).
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top