
The site has a properly functioning security system, but it too was affected, with the attackers using a different approach this time. The VSDC team said that with the growing popularity of the app, more attackers have been trying to take advantage of it. The developers of VSDC were informed about this and replaced the download links with the original ones.

According to the Doctor Web report, the Win32.Bolik.2 banking Trojan had affected the computers of 565 users after they downloaded from VSDC, and around 83 had been affected by the KPOT stealer. The KPOT stealer is responsible for swiping information from different programs such as browsers, Microsoft accounts, messengers, etc. The banking Trojan performs web injections, intercepts traffic, logs keystrokes and steals sensitive information from bank-client systems. People who had recently visited VSDC and downloaded its video editor and converter software had their computers infected with the multi-component polymorphic banking Trojan Win32.Bolik and the KPOT Stealer Trojan. The job of the malware was to determine the geolocation of the traffic and target users from the UK, USA, Canada and Australia. This time the malware was spread by embedding malicious JavaScript code into the website.

The report by the Doctor Web researchers said that after the previous incident, the VSDC developer's computer was compromised many times, and that recently the website was hacked between 21 February 2019 and 23 February 2019. The VSDC team said that they have worked on the vulnerability that let hackers attack the site, whereas researchers said the attack happened again many times. These JavaScript files were used to drop "AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor" on the computers of the victims.

Ivan Korolev, a malware analyst at Doctor Web, said that during those incidents the hackers replaced the download links with links directing visitors to JavaScript files. Three specific dates, June 18, July 2 and July 6, were also mentioned as times when the attackers were active.

In July 2018, a Chinese security firm, Qihoo 360 Total Security, found that hackers had breached the security of the VSDC website.

VSDC boasts nearly 13 million users, which makes this incident even more dangerous considering the number of potential victims. This intrusion was discovered by the researchers of Doctor Web, according to whom the hackers hijacked and infected the downloadable files on the website and made visitors of the site download the banking Trojan, Win32.Bolik.2, as well as the editing software. A banking Trojan and an information stealer were spreading through the download links. Hackers once again got control of the website of VSDC, a free multimedia editor.
