The immensely popular VSDC multimedia editing software has reportedly been hacked and used to spread banking trojan.
Reports say that users who have downloaded the VSDC editing software, which is one of the most popular, free video editing and converting app, between February to late March this year could probably get infected with a banking trojan and an information stealer. The official website of the software, which have over 1.3 million people visiting it per month, has been hacked.
Researchers at Russian antivirus company Dr.Web have detected this hack at VSDC; a news post on the official website of the company says, “Doctor Web researchers discovered that the official website of a well-known video editing software, VSDC, was compromised. The hackers hijacked download links on the website causing visitors to download a dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT stealer) along with the editing software.”
Dr.Web researchers point out that the security measures that the VSDC website developers have adopted are mostly insufficient for the traffic volume it has and that puts a large number of people at risk.
The Hacker News, in a report on the incident, points out that the website, despite being immensely popular among editors, has been running and offering downloads over an insecure HTTP connection. The Hacker News report further says that though it’s not clear as to how the attackers had managed to get the website hacked, it has been revealed by researchers that the breach was not meant to infect all users, unlike the attack that happened on the VSDC website last year.
The Dr.Web researchers explain how last year’s attack happened- “Last year unknown hackers gained access to the administrative side of the VSDC website and replaced the download links. Instead of the editing software, users received a JavaScript file, which then downloaded the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor. The VSDC team stated that they closed the vulnerability, but recently we received information about additional cases of infection through their website.”
They also explain how the latest hack happened- “According to our researchers, the VSDC developer’s computer has been compromised several times since the previous incident. One such hack led to the website being compromised again between 2019-02-21 and 2019-03-23. This time hackers took a different approach to spreading the malware: they embedded a malicious JavaScript code inside the VSDC website. Its task was to determine the visitor’s geolocation and replace download links for users from the UK, USA, Canada and Australia. Native website links were substituted by links to another compromised website.”
Thus, those who downloaded the software from the VSDC website also got the dangerous banking trojan Win32.Bolik.2, which, like Win32.Bolik.1, has qualities of a multicomponent polymorphic file virus. These trojans perform web injections, traffic intercepts, key-logging and the stealing of information from different bank-client systems. The Dr.Web researchers had got information on at least 565 cases of infection with this trojan via videosoftdev site.
On March 22, the hackers changed the Win32.Bolik.2 trojan to another malware, a variation of the Trojan.PWS.Stealer, which “steals information from browsers, Microsoft accounts, several messengers and some other programs”. As many as 83 users downloaded this malware in just one day. Upon detection, the researchers notified VSDC developers about the threat.
It’s best that users who had downloaded the VSDC software between 2019-02-21 and 2019-03-23 immediately install antivirus software with the latest up-to-date definitions and go for a scan. It would also be good if they changed their passwords for all banking websites and important social media platforms also, after scanning and cleaning their systems.
Source: https://thehackernews.com/2019/04/free-video-editing-malware.html
Also, Read:
How Protect Your Android Device From The Mobile Banking Trojan
Redaman Banking Trojan of 2015 Resurrects, Targets Russian Email Users
