Multimedia Editing Software Hacked to Spread Banking Trojan
The immensely popular VSDC multimedia editing software has reportedly been hacked and used to spread a banking trojan.
Reports say that users who downloaded the VSDC editing software, one of the most popular free video editing and converting apps, between February and late March this year may have been infected with a banking trojan and an information stealer. The official website of the software, which has over 1.3 million people visiting it per month, has been hacked.
Researchers at Russian antivirus company Dr.Web have detected this hack at VSDC; a news post on the official website of the company says, “Doctor Web researchers discovered that the official website of a well-known video editing software, VSDC, was compromised. The hackers hijacked download links on the website causing visitors to download a dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT stealer) along with the editing software.”
Dr.Web researchers point out that the security measures adopted by the VSDC website developers are mostly insufficient for the traffic volume the site has, which puts a large number of people at risk.
The Hacker News, in a report on the incident, points out that the website, despite being immensely popular among editors, has been running and offering downloads over an insecure HTTP connection. The Hacker News report further says that although it is not clear how the attackers managed to compromise the website, researchers have revealed that the breach was not meant to infect all users, unlike the attack that happened on the VSDC website last year.
Thus, those who downloaded the software from the VSDC website also got the dangerous banking trojan Win32.Bolik.2, which, like Win32.Bolik.1, has the qualities of a multicomponent polymorphic file virus. These trojans perform web injections, traffic interception, key-logging and the theft of information from different bank-client systems. The Dr.Web researchers had information on at least 565 cases of infection with this trojan via the videosoftdev site.
On March 22, the hackers replaced the Win32.Bolik.2 trojan with another piece of malware, a variation of the Trojan.PWS.Stealer, which “steals information from browsers, Microsoft accounts, several messengers and some other programs”. As many as 83 users downloaded this malware in just one day. Upon detection, the researchers notified VSDC developers about the threat.
Users who downloaded the VSDC software between 2019-02-21 and 2019-03-23 should immediately install antivirus software with up-to-date definitions and run a scan. After scanning and cleaning their systems, they should also change their passwords for all banking websites and important social media platforms.
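To find which machines fall under this advice, the added example below (not code from Dr.Web, VSDC or the original article) lists installer files whose timestamp falls inside the stated window and hashes them for submission to an antivirus scanner. A hit is a candidate for scanning, not a confirmed infection. Assumptions: the installer filename contains "vsdc", the file's modification time approximates its download time, and the window is read as UTC.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Exposure window stated in the article (inclusive; UTC is an assumption).
WINDOW_START = datetime(2019, 2, 21, tzinfo=timezone.utc)
WINDOW_END = datetime(2019, 3, 23, 23, 59, 59, tzinfo=timezone.utc)
NAME_HINT = "vsdc"  # assumption: installer filenames contain this string

def sha256_of(path):
    """Hash in chunks so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_candidates(root):
    """Return installers under root named like VSDC and modified in the window."""
    hits = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in {".exe", ".msi"}:
            continue
        if NAME_HINT not in path.name.lower():
            continue
        # Assumption: mtime approximates the time the file was downloaded.
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        if WINDOW_START <= mtime <= WINDOW_END:
            hits.append({"path": path, "mtime": mtime, "sha256": sha256_of(path)})
    return hits

def demo():
    """Build constructed sample files and return the names that get flagged."""
    samples = {  # constructed names and timestamps, not real artifacts
        "vsdc_setup_sample.exe": datetime(2019, 3, 1, tzinfo=timezone.utc),
        "VSDC_old_sample.exe": datetime(2018, 12, 1, tzinfo=timezone.utc),
        "notes_vsdc.txt": datetime(2019, 3, 1, tzinfo=timezone.utc),
        "other_tool.exe": datetime(2019, 3, 1, tzinfo=timezone.utc),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, when in samples.items():
            target = Path(tmp) / name
            target.write_bytes(b"constructed sample content")
            os.utime(target, (when.timestamp(), when.timestamp()))
        return [hit["path"].name for hit in find_candidates(Path(tmp))]

if __name__ == "__main__":
    print(demo())
```

On a real host, call `find_candidates(Path.home() / "Downloads")` and hand the reported paths and hashes to the antivirus scan.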
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.