"Infostealers Distributed via Fraudulent CapCut Websites"

Separate campaigns have used websites posing as the TikTok video editor CapCut to distribute different information-stealing malware strains. A Cyble report revealed that the threat actors behind the first campaign used fraudulent CapCut websites to distribute the Offx Stealer with a PyInstaller-compiled binary on Windows 8, 10, and 11 devices. Offx Stealer's execution would enable the exfiltration of web browser passwords, cookies, and certain file types, as well as information from cryptocurrency wallet apps, messaging apps, and remote access software. The second campaign involved the delivery of a file containing a batch script that triggered a PowerShell script, which in turn facilitated the delivery of the RedLine stealer and a .NET executable. RedLine would enable data theft, whereas the other payload would ensure that the data thief remains undetected on the compromised systems. This article continues to discuss the distribution of information-stealing malware strains through fraudulent CapCut websites.

SC Media reports "Infostealers Distributed via Fraudulent CapCut Websites"
