If you downloaded the VSDC multimedia editing software between late February and late March this year, there is a high chance that your computer has been infected with a banking trojan and an information stealer.
The official website of the VSDC software — one of the most popular free video editing and converting apps, with over 1.3 million monthly visitors — was hacked, unfortunately once again.
According to a new report Dr.Web published today and shared with The Hacker News, hackers hijacked the VSDC website and replaced its software download links with links leading to malware versions, tricking visitors into installing the dangerous Win32.Bolik.2 banking trojan and the KPOT stealer.
Even more ironic is that, despite being so popular among multimedia editors, the VSDC website is running and offering software downloads over an insecure HTTP connection.
Though it's unclear how the hackers managed to hijack the website this time, researchers revealed that the breach was reportedly never intended to infect all users, unlike last year's attack.
Instead, Dr.Web researchers found malicious JavaScript code on the VSDC website that was designed to check a visitor's geolocation and replace download links only for visitors from the UK, USA, Canada, and Australia.
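A site owner can catch this kind of tampering by regularly fetching the download page and checking its installer links and inline scripts against a known-good policy. The following Python check is an added example, not code from Dr.Web or VSDC; the host names, installer extensions, rule names and sample pages are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hypothetical policy for this example; none of these values come from the article.
ALLOWED_HOSTS = {"www.example-editor.test", "downloads.example-editor.test"}
INSTALLER_EXTS = (".exe", ".msi", ".zip")

def digest(script_text):
    return hashlib.sha256(script_text.strip().encode()).hexdigest()

class _Collector(HTMLParser):  # gathers link targets and inline script bodies
    def __init__(self, base):
        super().__init__()
        self.base, self.links, self.inline, self._open = base, [], [], False
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(urljoin(self.base, attrs["href"]))
        elif tag == "script" and not attrs.get("src"):
            self._open = True
            self.inline.append("")
    def handle_data(self, data):
        if self._open:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def audit_page(html, base, approved_inline):
    """Return (rule, detail) findings for one fetched copy of the download page."""
    c = _Collector(base)
    c.feed(html)
    findings = []
    for url in c.links:
        u = urlparse(url)
        if u.path.lower().endswith(INSTALLER_EXTS):
            if u.scheme != "https":  # installer offered without transport integrity
                findings.append(("insecure-download", url))
            if u.hostname not in ALLOWED_HOSTS:  # link points off the approved hosts
                findings.append(("unapproved-download-host", url))
    findings += [("unknown-inline-script", digest(b)[:12]) for b in c.inline
                 if digest(b) not in approved_inline]
    return findings

# Constructed sample pages (not captured from the real site).
CLEAN = '<a href="https://downloads.example-editor.test/setup.exe">Get</a><script>initGallery();</script>'
TAMPERED = CLEAN + '<script>rewriteLinks();</script><a href="http://cdn.invalid/setup.exe">Get</a>'
BASELINE = {digest("initGallery();")}
```

The check parses static HTML only and does not execute scripts; script files loaded via `src` are skipped here and would need their own fetched-and-hashed baseline.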
Insecure VSDC Website Was Distributing Malware for a Month
The malicious code planted on the website went unnoticed for almost a month—between 21 February 2019 and 23 March 2019—until researchers discovered it and notified VSDC developers of the threat.
Targeted users were served with a dangerous banking trojan designed to perform "web injections, traffic intercepts, key-logging and stealing information from different bank-client systems."
Moreover, on March 22 the attackers swapped the Win32.Bolik.2 trojan for KPOT Stealer, a variant of Trojan.PWS.Stealer that steals information from web browsers, Microsoft accounts, several messenger services and some other programs.
According to the researchers, at least 565 visitors downloaded VSDC software infected with the banking trojan, while 83 users have had their systems infected with the information stealer.
The VSDC site has been hacked several times in past years. Just last year, unknown hackers managed to gain administrative access to its website and replaced the download links, eventually infecting its visitors' computers with the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor.
What to Do If You're a Victim?
It should be noted that just installing the clean version of the software update over the malicious package would not remove the malware code from the infected systems.
So, if you downloaded the software during that period, you should immediately install antivirus software with up-to-date definitions and scan your system for malware.
Besides this, affected users are also advised to change their passwords for important social media and banking websites, either after cleaning their systems or from a separate device.