Hackers once again took control of the website of VSDC, a free multimedia editor. A banking Trojan and an information stealer were spread through its download links.
This intrusion was discovered by researchers at Doctor Web, according to whom the hackers hijacked and infected the downloadable files on the website, so that visitors downloaded the banking Trojan Win32.Bolik.2 and Trojan.PWS.Stealer along with the editing software.
VSDC boasts nearly 13 million users, which makes this incident even more dangerous considering the number of potential victims.
In July 2018, the Chinese security firm Qihoo 360 Total Security found that hackers had breached the security of the VSDC website. It named three specific dates on which the attackers were active: June 18, July 2 and July 6.
Ivan Korolev, a malware analyst at Doctor Web, said that during those incidents the hackers replaced the download links with links directing visitors to JavaScript files. These JavaScript files were used to drop "AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor" on the victims' computers.
The VSDC team said that it had worked on the vulnerability that let hackers attack the site, whereas researchers said the attack happened again many times.
According to the Doctor Web report, after the previous incident the VSDC developer's computer was compromised many times, and most recently the website was hacked from 21 February 2019 to 23 February 2019. This time the malware was spread by embedding malicious JavaScript code in the website. Its job was to determine the geolocation of the traffic and target users from the UK, USA, Canada and Australia.
People who visited the VSDC site recently and downloaded its video editor and converter software had their computers infected with the multi-component polymorphic banking Trojan Win32.Bolik and the KPOT Stealer Trojan.
The banking Trojan performs web injections, traffic interception and key-logging, and steals sensitive information from bank-client systems. The KPOT stealer, in turn, swipes information from different programs such as browsers, Microsoft accounts, messengers, etc.
According to the Doctor Web report, the computers of 565 users were infected with the Win32.Bolik.2 banking Trojan after downloading from VSDC, and around 83 were infected with the KPOT stealer.
The developers of VSDC were informed about this and replaced the download links with the original ones.
In response, the VSDC team said that with the growing popularity of the app, more attackers have been trying to take advantage of it. The site has a properly functioning security system, but it too was affected because the attackers used a different approach this time.
VSDC said that the company had detected the security vulnerability and that the administrative side and the program files were safe. The company has put an innovative protection algorithm in place so that similar attacks can be prevented in the future. It also said that visitors and users of the software no longer need to worry about any threat.