GBHackers News reports that widely used short-form video editing app CapCut has been exploited in a two-stage phishing campaign aimed at exfiltrating Apple ID credentials and credit card details.
Attacks began with a highly convincing email containing a "Cancel your subscription" button, which redirects to a fake Apple ID login page that exfiltrates credentials through an HTTP POST request, an analysis from the Cofense Phishing Defense Center showed. Targets are then shown a dialog box, purportedly related to refund processing, that requests credit card information; that page uses the same command-and-control infrastructure as the initial phishing page. Cofense researchers also noted that the attack closes with a fraudulent, nonfunctioning authentication code prompt, which aims to further establish the legitimacy of the operation. Such findings, which show the ease of weaponizing trust in phishing, should prompt increased scrutiny of URLs and the immediate reporting of dubious emails, researchers added.




