Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VSDC video editing software website hacked again

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with malware. Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with a banking trojan and an information stealer. VSDC is a popular, free video editing and converting app and […]

VSDC

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with malware.

Users that have downloaded the VSDC multimedia editing software between 2019-02-21 and 2019-03-23, may have been infected with a banking trojan and an information stealer.

VSDC is a popular, free video editing and converting app and its website has over 1.3 million monthly visitors, for this reason, this incident may have potentially exposed a large number of people. The hackers already compromised the official website of VSDC in the past, in previous attacks they hijacked the download links to deliver malware to the victims.

In the latest attack, they embedded a malicious JavaScript code inside the VSDC website that was used to determine the visitor’s geolocation and replace download links for users from the UK, USA, Canada, and Australia

VSDC

“Doctor Web researchers discovered that the official website of a well-known video editing software, VSDC, was compromised.” reads the blog post published by Dr. Web.

“The hackers hijacked download links on the website causing visitors to download a dangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT stealer) along with the editing software.”

The Win32.Bolik.2 malware is a modular polymorphic file Trojan that has the ability to perform web injections, traffic intercepts, key-logging and stealing information from different bank-client systems.

At the moment, experts believe at least 565 people who downloaded the software were infected.

Attackers also delivered the KPOT Stealer, a variant of Trojan.PWS.Stealer, starting from March 22. The malware is able to steal information from web browsers, Microsoft accounts, several messenger services, and some other programs.

According to the researchers, 83 users were infected with the information stealer.

Unfortunately this isn’t the first time that the VSDC site has been hacked.

In July 2018, experts from Chinese security firm Qihoo 360 Total Security discovered that attackers hijacked the download links of the VSDC website.

The experts discovered that hackers hijacked download links on the websites in three different periods, the links were pointing to servers they were operating.

Below the details of the three different attacks:

  • June 18 – Hackers substituted download links with hxxp://5.79.100.218/_files/file.php
  • July 2 – Hackers substituted download links with hxxp://drbillbailey.us/tw/file.php
  • July 6 – Hackers substituted download links with hxxp://drbillbailey.us/tw/file.php

At the time, hackers were serving the visitors the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor.

Users that had downloaded the software in the above between have to scan their system for malware using an up-to-date of the antivirus software.

Users are also recommended to change their passwords for banking websites and other services.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, VSDC)

[adrotate banner=”5″]

[adrotate banner=”13″]