Phishing Campaigns Exploit CapCut’s Popularity to Deliver Multiple Stealers

Cyble Research and Intelligence Labs (CRIL) recently discovered a series of phishing websites posing as video editing software. These fraudulent sites lure users into downloading and executing various malware families, such as stealers and RATs.

In these campaigns, Threat Actors (TAs) specifically targeted the CapCut video editing tool, a product of ByteDance, the same parent company that owns TikTok. The increasing popularity of the application in various countries has made it an appealing lure for TAs over the past few years. Furthermore, with the ban imposed on CapCut by Taiwan, India, and several other countries, users might actively pursue alternative means to download the application, unknowingly putting themselves at risk of encountering these malicious websites.

Several TAs have been using CapCut phishing websites as a platform to disseminate various malware families. One notable instance involved a phishing website hosting the Offx stealer, while in another campaign a phishing website hosted BatLoader, which subsequently delivered the RedLine stealer onto the targeted systems.

The stealer binary (SHA-256: 8dd5d02bb6313997fcaa6515ccb2308c37a81374baef188554ba20d23602c01c) is compiled using PyInstaller, indicating that the stealer is written in Python.
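A quick way to confirm a PyInstaller-built sample during triage is to look for the archive "cookie" PyInstaller appends to its executables. The helper below is an added example and not code from the Cyble report; the magic bytes and cookie layout are PyInstaller's own (from its archive reader), while the sample buffer it parses is constructed here and contains no real malware.

```python
import struct
from typing import Optional

# PyInstaller appends an 88-byte cookie to the end of its embedded archive:
#   magic[8] | len_pkg (u32) | toc_offset (u32) | toc_len (i32) | pyvers (i32) | pylib_name[64]
# These constants match PyInstaller's CArchiveReader; the parsing logic is an added helper.
PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FORMAT = "!8sIIii64s"  # big-endian, 88 bytes
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)


def find_pyinstaller_cookie(data: bytes) -> Optional[dict]:
    """Return the parsed cookie if `data` carries a PyInstaller archive, else None."""
    pos = data.rfind(PYINST_MAGIC)  # the cookie sits at the end of the overlay, so search backwards
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None  # no magic, or a truncated cookie (e.g. a partial download)
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack_from(COOKIE_FORMAT, data, pos)
    # The version encoding changed across PyInstaller releases: 3.7 was stored as 37,
    # newer builds store major*100 + minor (311 for 3.11). Handle both.
    if pyvers >= 100:
        major, minor = divmod(pyvers, 100)
    else:
        major, minor = divmod(pyvers, 10)
    return {
        "python_version": f"{major}.{minor}",
        "pylib_name": pylib.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
    }


def build_sample(pyvers: int = 311, pylib: bytes = b"python311.dll") -> bytes:
    """Constructed test input: an 'MZ' prefix, padding, and a valid cookie (not a real binary)."""
    cookie = struct.pack(COOKIE_FORMAT, PYINST_MAGIC, 4096, 2048, 512, pyvers, pylib)
    return b"MZ" + b"\x00" * 200 + cookie


if __name__ == "__main__":
    import sys
    # Pass a file path to scan a real sample; with no argument the constructed buffer is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(find_pyinstaller_cookie(blob) or "no PyInstaller cookie found")
```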