- Phishing emails “notify” victims of an active subscription of $50
- Victims can “cancel” the subscription by clicking on a link in the email body
- The link leads to a fake login page where Apple ID credentials are harvested
Cybercriminals are spoofing a popular video editing application to steal people’s Apple ID credentials, security researchers warn.
Earlier this week, the Cofense security team warned that it had detected a new phishing campaign. In it, the attackers spoof CapCut, a video and graphic editing application developed by ByteDance, the company behind TikTok.
CapCut is immensely popular, with hundreds of millions of active users. It offers both a free tier and a paid tier, and the paid tier is what the attackers are now abusing.
Stealing credentials
The spoofed email mimics the CapCut brand to appear legitimate and “notifies” the victim that they have just subscribed to the paid version, which costs $50.
The email also offers the victim the option to “cancel the subscription” if it was made by mistake.
With many mobile applications charging for their services by default, it is not completely irrational to trust the email and hurry to cancel the subscription.
However, clicking on the link redirects the victim to a fake Apple login page, where they are asked to provide their Apple ID credentials.
These credentials are transmitted to the attackers, who can use them to access people’s images, messages and other confidential data. They can also use them to make purchases, causing direct financial damage as well.
The best way to defend against these attacks, says Cofense, is to be skeptical of all incoming emails, especially those that require people to do something urgently:
“This phishing campaign highlights the ease with which family brand and urgency can be manipulated. By imitating the identity of CapCut/Apple and hanging the threat of unwanted positions, the attackers guide the victims through a transparent two-stage theft process,” the researchers explain.
“The use of a false verification step at the end is a subtle but strategic movement to delay suspicion and extend the attack window. As always, skepticism is a critical defense: verify the URL carefully, question the unexpected indications of confidential information and report suspicious messages.”
Via Cybernews