There is a high likelihood that your computer was infected with a banking trojan and an information stealer if you downloaded the VSDC multimedia editing software between late February and late March of this year.
Unfortunately, the official website of the VSDC software, one of the most popular free video editing and conversion apps with over 1.3 million monthly visitors, was again hacked.
According to a report published today by Dr.Web and shared with The Hacker News, hackers compromised the VSDC website and replaced its software download links with malicious versions, tricking visitors into installing the Win32.Bolik.2 banking trojan and the KPOT stealer.
Even more ironic is the fact that, despite being so popular among multimedia editors, the VSDC website runs and offers its software downloads over an insecure HTTP connection.
In contrast to last year’s attack, it is unknown how hackers were able to seize control of the website this time around. However, according to researchers, the breach was never meant to infect all users.
Instead, Dr.Web researchers discovered malicious JavaScript code on the VSDC website that was designed to check the geolocation of visitors and replace download links only for those from the United Kingdom, the United States of America, Canada, and Australia.
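A detection sketch for the link replacement described above, added here as an example and not taken from Dr.Web's report or the VSDC site. It assumes the swapped link points at a host outside the vendor's own; the hostnames, log format and log lines are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: hosts the vendor legitimately serves installers from (placeholders).
VENDOR_HOSTS = {"www.vendor.example", "downloads.vendor.example"}
INSTALLER_EXTS = (".exe", ".msi", ".zip")

# Constructed proxy log: timestamp, client, method, URL, referer (tab-separated).
SAMPLE_LOG = """\
2019-03-01T10:02:11Z\t10.0.0.5\tGET\thttp://downloads.vendor.example/editor_setup.exe\thttp://www.vendor.example/download
2019-03-01T10:07:43Z\t10.0.0.9\tGET\thttp://files.other-host.example/editor_setup.exe\thttp://www.vendor.example/download
2019-03-01T10:09:02Z\t10.0.0.7\tGET\thttp://www.vendor.example/js/main.js\thttp://www.vendor.example/
2019-03-01T10:12:30Z\t10.0.0.3\tGET\thttp://files.other-host.example/readme.txt\t-
"""

def host(url):
    """Lower-cased hostname of a URL, or '' when absent (e.g. referer '-')."""
    return (urlsplit(url).hostname or "").lower()

def find_offsite_installers(log_text, vendor_hosts=VENDOR_HOSTS):
    """Return (timestamp, client, url) for installer downloads that were
    referred by a vendor page but fetched from a host outside the allowlist."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue  # skip malformed lines rather than guess at their layout
        ts, client, method, url, referer = fields
        path = urlsplit(url).path.lower()
        if method != "GET" or not path.endswith(INSTALLER_EXTS):
            continue
        # Vendor page as referer + installer from a non-vendor host = swapped link.
        if host(referer) in vendor_hosts and host(url) not in vendor_hosts:
            hits.append((ts, client, url))
    return hits

if __name__ == "__main__":
    for ts, client, url in find_offsite_installers(SAMPLE_LOG):
        print(f"{ts} {client} fetched installer from non-vendor host: {url}")
```

Because the replacement was served only to visitors from selected countries, only proxy logs covering clients in those regions would show a hit.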
A Month Ago, the Insecure VSDC Website Distributed Malware
The malicious code planted on the website went unnoticed for almost a month, from 21 February 2019 to 23 March 2019, until a researcher discovered it and alerted VSDC developers to the threat.
Targeted users were served with a dangerous banking trojan designed to perform “web injections, traffic intercepts, key-logging and stealing information from different bank-client systems.”
Moreover, on March 22 the attackers replaced the Win32.Bolik.2 trojan with KPOT Stealer, a variant of Trojan.PWS.Stealer, which steals information from web browsers, Microsoft accounts, several messenger services, and some other programs.
According to the researchers, at least 565 visitors downloaded VSDC software infected with the banking trojan, while 83 users have had their systems infected with the information stealer.
The VSDC website has been hacked multiple times over the past few years. Just one year ago, unknown hackers were able to gain administrative access to the website and replace the download links, infecting visitors’ computers with the AZORult Stealer, X-Key Keylogger, and the DarkVNC backdoor.
What to Do If You’re a Victim?
Notably, simply installing the clean version of the software update over the malicious package would not remove the malware code from infected systems.
Therefore, if you downloaded the software during that time frame, you should install antivirus software with the most recent definitions and scan your system for malware.
In addition, it is recommended that affected users change their passwords for important social media and banking websites, either after cleaning their systems or from a separate device.