According to Cyble, the group that identified the cloned sites, there are two different campaigns targeting users, each using a different variety of malware and multiple domains. One uses a PyInstaller-compiled binary that pushes Offx Stealer, which works on Windows 8 and newer. As an information stealer, Offx Stealer grabs quite a bit of data, including numerous image and text files, database files and even Python scripts. It can also grab passwords, cookies, Discord data and crypto wallets from the devices it infects. Exfiltration has redundant methods, including Telegram and AnonFiles (even threat groups get BC/DR concepts).
The second campaign sees the malware encapsulated in a RAR file for execution on the target device. This drops a batch script that calls PowerShell (it is always PowerShell). The call to PowerShell then completes the rest of the hard work: decrypting the malware, unpacking it and loading it. The malware in question here is Redline Stealer, along with a .NET binary that gets around the Windows AMSI (Anti-Malware Scan Interface), which could allow Redline to remain undetected on an infected system.
Both campaigns can be protected against, although the latter requires some advanced configuration to ensure that PowerShell is not called by the batch script, or that the PowerShell commands used in the second stage of installation are identified as malicious. Blocking general processes from spawning PowerShell and/or blocking the execution of Base64-encoded scripts by PowerShell can do the trick. The downside is that the vast majority of consumers would not even be aware of how to get this configured on their own in Windows, and Microsoft is not well known for helping consumers better understand security on their personal devices. Of course, there is also the problem that in Windows Home the configurable security options are thin on the ground in the first place, with very little a consumer can do to shore up the exposures available through PowerShell.
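The two controls described above (PowerShell being spawned by a script host such as cmd.exe, and PowerShell being handed a Base64-encoded command) are also straightforward to detect from process-creation telemetry. The following is an added example, not code from Cyble or from this article, showing how a defender could flag both conditions over process-creation events. The event records are constructed for the example and loosely follow the parent image / image / command line fields that Sysmon Event ID 1 and Windows Security event 4688 expose; the field names and the `Write-Host hello` payload are assumptions made for illustration, not observed telemetry from this campaign.

```python
import base64
import ntpath

# Process images that host PowerShell, and parents that commonly mean
# "a script launched this" (a batch file runs under cmd.exe).
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe", "powershell_ise.exe")
SCRIPT_HOST_PARENTS = ("cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")


def find_encoded_payload(command_line):
    """Look for an -EncodedCommand style switch and decode its argument.

    powershell.exe accepts any unambiguous prefix of -EncodedCommand
    (-e, -ec, -enc, ...), and the payload is Base64 of UTF-16LE text.
    Returns (flag_present, decoded_text_or_None).
    """
    tokens = command_line.split()
    for i, tok in enumerate(tokens):
        if tok[:1] not in ("-", "/"):
            continue
        flag = tok.lstrip("-/").lower()
        if flag.startswith("e") and "encodedcommand".startswith(flag):
            if i + 1 >= len(tokens):
                return True, None          # switch present, no argument
            try:
                raw = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:             # binascii.Error is a ValueError
                return True, None          # switch present, not valid Base64
            return True, raw.decode("utf-16le", errors="replace")
    return False, None


def evaluate_event(event):
    """Return a list of findings for one process-creation event."""
    image = ntpath.basename(event["image"]).lower()
    parent = ntpath.basename(event["parent_image"]).lower()
    findings, decoded = [], None
    if image in POWERSHELL_IMAGES:
        if parent in SCRIPT_HOST_PARENTS:
            findings.append(f"PowerShell spawned by script host {parent}")
        encoded, decoded = find_encoded_payload(event["command_line"])
        if encoded:
            findings.append("Base64-encoded command passed to PowerShell")
    return findings, decoded


def scan(events):
    """Run evaluate_event over a list of events and collect alerts."""
    alerts = []
    for index, event in enumerate(events):
        findings, decoded = evaluate_event(event)
        if findings:
            alerts.append({"index": index, "findings": findings,
                           "decoded": decoded})
    return alerts


# Constructed sample payload: Base64 of UTF-16LE "Write-Host hello".
ENCODED = base64.b64encode("Write-Host hello".encode("utf-16le")).decode("ascii")

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": f"powershell.exe -nop -w hidden -enc {ENCODED}"},
    {"parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -Command Get-Date"},
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\Public\stage2.ps1"},
    {"parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "command_line": "notepad.exe"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["index"], "; ".join(alert["findings"]))
        if alert["decoded"] is not None:
            print("  decoded:", alert["decoded"])
```

Run against the constructed events, the first event trips both rules and the decoded payload is surfaced for an analyst, the third trips only the spawn rule (an interactive-looking `-File` launch from cmd.exe, which may or may not be benign), and the other two are silent. Decoding the UTF-16LE payload rather than just matching on `-enc` is what lets a rule distinguish an administrator's scheduled task from a second-stage loader.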
If you are a TikTok user, make sure you either have proper protections in place (a very good anti-malware solution) or just ensure you are only getting CapCut directly from Google Play, the Apple App Store or from CapCut directly. In general, avoid using “free alternatives” or heavily promoted options when searching for tools. They are often a red flag to begin with.