Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with a banking trojan and an information stealer.
VSDC is a popular, free video editing and converting app and its website has over 1.3 million monthly visitors, for this reason, this incident may have potentially exposed a large number of people. The hackers already compromised the official website of VSDC in the past, in previous attacks they hijacked the download links to deliver malware to the victims.
“Doctor Web researchers discovered that the official website of a well-known video editing software, VSDC, was compromised.” reads the blog post published by Dr. Web.
“The hackers hijacked download links on the website causing visitors to download a dangerous banking trojan, Win32.Bolik.2, and the Trojan
The Win32.Bolik.2 malware is a modular polymorphic file Trojan that has the ability to perform web injections, traffic intercepts, key-logging and stealing information from different bank-client systems.
At the moment, experts believe at least 565 people who downloaded the software were infected.
Attackers also delivered the KPOT Stealer, a variant of Trojan.PWS.Stealer, starting from March 22. The malware is able to steal information from web browsers, Microsoft accounts, several messenger services, and some other programs.
According to the researchers, 83 users were infected with the information stealer.
In July 2018, experts from Chinese security firm Qihoo 360 Total Security discovered that attackers hijacked the download links of the VSDC website.
The experts discovered that hackers hijacked download links on the websites in three different periods, the links were pointing to servers they were operating.
Below the details of the three different attacks:
At the time, hackers were serving the visitors the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor.
Users that had downloaded the software in the above between have to scan their system for malware using an up-to-date of the antivirus software.
Users are also recommended to change their passwords for banking websites and other services.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.