Cybercriminals Exploit CapCut Popularity to Steal Apple ID Credentials and Credit Card Data

Threat actors have capitalized on the immense popularity of CapCut, the leading short-form video editing app, to orchestrate a highly deceptive phishing campaign.

According to the Cofense Phishing Defense Center (PDC), attackers are deploying meticulously crafted fake invoices that impersonate CapCut’s branding to lure users into surrendering their Apple ID credentials and credit card information.

This double-barreled attack not only exploits the trust users place in familiar branding but also employs sophisticated tactics to maximize the extraction of sensitive data while delaying suspicion.

Sophisticated Phishing Campaign

The campaign serves as a stark reminder of the evolving nature of social engineering threats and the critical need for vigilance in the digital space.

The phishing scheme begins with a seemingly legitimate email featuring a “Cancel your subscription” button, designed to instill urgency and trust through CapCut’s official imagery.

Once clicked, the user is redirected to ...