Attackers are distributing a new stealer under the guise of CapCut

    Fraudsters take advantage of the fact that the application is banned in some countries and offer users alternative ways to download it.

    Cybersecurity firm Cyble discovered two campaigns in which attackers distribute malware disguised as CapCut, a popular video editor for TikTok.

    CapCut is ByteDance's official video editor for TikTok. The application has more than 500 million downloads on Google Play alone, and more than 30 million users visit the program website per month.

    The popularity of the app, together with its ban in Taiwan, India and other countries, has driven users to look for alternative ways to obtain the program. Cybercriminals exploit these restrictions by creating fake sites that distribute malware disguised as CapCut installers.

    It is not known how victims reach these sites, but attackers typically promote such sites through black hat search engine optimization (Black Hat SEO), search advertising and social networks.

    In the first campaign, the victim downloads Offx Stealer, which runs on Windows 8, 10 and 11, from a fake website. When the victim launches the downloaded file, they are shown a fake error message stating that the application failed to start, while Offx Stealer keeps running in the background.

    The malware collects:

    • passwords and cookies from web browsers, and files of certain types (.txt, .lua, .pdf, .png, .jpg, .jpeg, .py, .cpp and .db) from the user's Desktop folder;
    • data from Discord and Telegram;
    • data from cryptocurrency wallet applications (Exodus, Atomic, Ethereum, Coinomi, Bytecoin, Guarda and Zcash);
    • information from the UltraViewer and AnyDesk remote access software.

    All stolen data is stored in a randomly named directory under the "%AppData%" folder, archived and then sent to the attackers via a private Telegram channel. Once the files have been exfiltrated, the directory is deleted to erase traces of the infection.

    The second campaign delivers a "CapCut_Pro_Edit_Video.rar" archive to the device which, when opened, launches a PowerShell script. The PowerShell script downloads the final Redline Stealer payload together with a .NET executable that is used to bypass the Windows Antimalware Scan Interface (AMSI), so that Redline Stealer can run without being detected.
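Both infection chains described above leave a recognisable sequence in endpoint telemetry: the first stages an archive in a randomly named %AppData% directory, contacts Telegram and then deletes the archive; the second has PowerShell, started from an archive, reach out to the network and then write an executable to disk. The script below is an added example of correlating those sequences over process timelines. It is not Cyble's analysis code and is not part of the original article. The Sysmon-style event records, the field names, the paths, the IP addresses and the staging directory name are all constructed for the example; treating "api.telegram.org" (the Telegram Bot API host) as the exfiltration destination is an assumption, since the page only says the data is sent to a Telegram channel.

```python
"""Correlate Sysmon-style endpoint events for the two CapCut-lure campaigns.

Added example, not code from the page or from Cyble. All events below are
constructed; event types mirror Sysmon IDs 1 (process create),
3 (network connect), 11 (file create) and 23 (file delete).
"""
from collections import defaultdict

ARCHIVE_EXT = (".zip", ".rar", ".7z")
APPDATA_ROAMING = "\\AppData\\Roaming\\"
TELEGRAM_API = "api.telegram.org"   # assumption: Bot API host used for exfiltration

# Constructed sample telemetry. 'pid' ties the events of one process together.
EVENTS = [
    # Offx-style stealer: stages loot in a random AppData dir, zips it,
    # ships it to Telegram, then removes the archive.
    {"t": 1, "pid": 4120, "type": "process_create", "image": r"C:\Users\u\Downloads\CapCut_Setup.exe", "parent": r"C:\Windows\explorer.exe"},
    {"t": 2, "pid": 4120, "type": "file_create", "path": r"C:\Users\u\AppData\Roaming\x9f3kq2\Passwords.txt"},
    {"t": 3, "pid": 4120, "type": "file_create", "path": r"C:\Users\u\AppData\Roaming\x9f3kq2\x9f3kq2.zip"},
    {"t": 4, "pid": 4120, "type": "network_connect", "dest": "api.telegram.org"},
    {"t": 5, "pid": 4120, "type": "file_delete", "path": r"C:\Users\u\AppData\Roaming\x9f3kq2\x9f3kq2.zip"},
    # Benign automation script posting to a Telegram bot: talks to the API but stages nothing.
    {"t": 6, "pid": 5008, "type": "process_create", "image": r"C:\Python311\python.exe", "parent": r"C:\Windows\explorer.exe"},
    {"t": 7, "pid": 5008, "type": "network_connect", "dest": "api.telegram.org"},
    # RAR-delivered PowerShell: reaches out, then drops an executable (constructed IP from TEST-NET-3).
    {"t": 8, "pid": 6210, "type": "process_create", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"t": 9, "pid": 6210, "type": "network_connect", "dest": "203.0.113.7"},
    {"t": 10, "pid": 6210, "type": "file_create", "path": r"C:\Users\u\AppData\Local\Temp\update.exe"},
    # Admin PowerShell that only downloads a text file: must not fire.
    {"t": 11, "pid": 7001, "type": "process_create", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "parent": r"C:\Windows\explorer.exe"},
    {"t": 12, "pid": 7001, "type": "network_connect", "dest": "203.0.113.9"},
    {"t": 13, "pid": 7001, "type": "file_create", "path": r"C:\Users\u\Documents\report.txt"},
]


def _timelines(events):
    """Group events per pid, ordered by time, so each rule walks one process history."""
    procs = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        procs[e["pid"]].append(e)
    return procs


def detect_offx_staging(events):
    """Offx chain: archive created under %AppData%\\Roaming\\<dir>, then a
    connection to the Telegram API, then deletion of that archive.
    Returns {pid: staging_directory}."""
    hits = {}
    for pid, evs in _timelines(events).items():
        for i, e in enumerate(evs):
            if e["type"] != "file_create" or APPDATA_ROAMING not in e["path"]:
                continue
            if not e["path"].lower().endswith(ARCHIVE_EXT):
                continue
            later = evs[i + 1:]
            exfil = next((j for j, x in enumerate(later)
                          if x["type"] == "network_connect" and x["dest"] == TELEGRAM_API), None)
            if exfil is None:
                continue
            cleaned = any(x["type"] == "file_delete" and x["path"] == e["path"]
                          for x in later[exfil + 1:])
            if cleaned:
                hits[pid] = e["path"].rsplit("\\", 1)[0]
    return hits


def detect_powershell_dropper(events):
    """RAR-delivered chain: powershell.exe connects out and afterwards writes a
    Windows executable. Returns {pid: dropped_path}."""
    hits = {}
    for pid, evs in _timelines(events).items():
        if evs[0]["type"] != "process_create":
            continue
        if not evs[0]["image"].lower().endswith("\\powershell.exe"):
            continue
        connected = False
        for e in evs[1:]:
            if e["type"] == "network_connect":
                connected = True
            elif connected and e["type"] == "file_create" and e["path"].lower().endswith((".exe", ".dll")):
                hits[pid] = e["path"]
                break
    return hits


if __name__ == "__main__":
    print("Offx-style staging/exfil/cleanup:", detect_offx_staging(EVENTS))
    print("PowerShell download-then-drop:", detect_powershell_dropper(EVENTS))
```

The first rule keys on the ordering the article describes (stage, archive, exfiltrate, delete), which is what separates the stealer from a legitimate process that merely talks to Telegram. The second rule is deliberately a heuristic: an administrator's PowerShell that downloads an installer will also connect and then write an executable, so in production it should be combined with the parent process (an archiver or explorer.exe launching PowerShell from a user-writable path) and with AMSI-related events before it pages anyone.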

    To avoid the risk of malware infection, download software only from official sites, not from links shared by other users on social networks or in private messages. As a reminder, CapCut is available from "capcut.com", Google Play (for Android) and the App Store (for iOS).

    Author DeepWeb