VSDC Site Hacked Again to Spread Password Stealing and Banking Trojan


If you downloaded the VSDC multimedia editing software between late February and late March this year, there is a high chance that your computer has been infected with a banking trojan and an information stealer.

The official website of the VSDC software, one of the most popular free video editing and converting apps with over 1.3 million monthly visitors, was hacked, unfortunately once again.

According to Dr.Web, hackers hijacked the VSDC website and replaced its software download links with links leading to malware versions, tricking visitors into installing the dangerous Win32.Bolik.2 banking trojan and the KPOT stealer.

Even more ironic is that, despite being so popular among multimedia editors, the VSDC website runs and offers software downloads over an insecure HTTP connection.

Though it’s unclear how the hackers managed to hijack the website this time, researchers revealed that the breach was reportedly never intended to infect all users, unlike last year’s attack.

Instead, Dr.Web researchers found malicious JavaScript code on the VSDC website that was designed to check a visitor’s geolocation and replace download links only for visitors from the UK, USA, Canada, and Australia.

Insecure VSDC Website Was Distributing Malware for a Month

The malicious code planted on the website went unnoticed for almost a month, between 21 February 2019 and 23 March 2019, until researchers discovered it and notified VSDC developers of the threat.

Targeted users were served with a dangerous banking trojan designed to perform “web injections, traffic intercepts, key-logging and stealing information from different bank-client systems.”

Moreover, on March 22 the attackers swapped the Win32.Bolik.2 trojan for KPOT Stealer, a variant of Trojan.PWS.Stealer, which steals information from web browsers, Microsoft accounts, several messenger services and some other programs.

According to the researchers, at least 565 visitors downloaded VSDC software infected with the banking trojan, while 83 users have had their systems infected with the information stealer.

The VSDC site has been hacked several times in past years. Just last year, unknown hackers managed to gain administrative access to its website and replaced the download links, eventually infecting its visitors’ computers with the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor.

What to Do If You’re a Victim?

It should be noted that just installing the clean version of the software update over the malicious package would not remove the malware code from the infected systems.

So, if you downloaded the software during that period, you should immediately install antivirus software with up-to-date definitions and scan your system for malware.

Besides this, affected users are also advised to change their passwords for important social media and banking websites after cleaning their systems, or from a separate device.
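A triage check for the advice above, added here as an example and not taken from the article or from Dr.Web: it lists installers downloaded inside the stated exposure window and reports the source URL Windows recorded for each. The `vsdc` file-name hint, the sample records and the `.example` hosts are assumptions constructed for illustration.

```python
import configparser
from datetime import date, datetime
from urllib.parse import urlsplit

# Exposure window stated in the article (both dates inclusive).
WINDOW_START = date(2019, 2, 21)
WINDOW_END = date(2019, 3, 23)

def parse_zone_identifier(text):
    """Return the [ZoneTransfer] keys of a Zone.Identifier stream as a dict."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case (HostUrl, ReferrerUrl)
    cp.read_string(text)
    return dict(cp["ZoneTransfer"]) if cp.has_section("ZoneTransfer") else {}

def triage(downloads, name_hint="vsdc"):
    """downloads: iterable of (filename, created datetime, Zone.Identifier text).
    Reports files whose name contains name_hint (an assumed pattern; the
    article gives no installer file name) and that were created in the window.
    """
    findings = []
    for name, created, zone_text in downloads:
        if name_hint not in name.lower():
            continue
        if not WINDOW_START <= created.date() <= WINDOW_END:
            continue
        host_url = parse_zone_identifier(zone_text or "").get("HostUrl", "")
        findings.append({
            "file": name,
            "downloaded": created.date().isoformat(),
            "host_url": host_url or None,
            # Plain HTTP gives the download no transport integrity.
            "plain_http": urlsplit(host_url).scheme == "http",
        })
    return findings

# Constructed sample records; names and hosts are placeholders, not indicators.
SAMPLE = [
    ("vsdc_setup.exe", datetime(2019, 3, 2, 14, 5),
     "[ZoneTransfer]\nZoneId=3\nReferrerUrl=http://vendor.example/download\n"
     "HostUrl=http://files.example/vsdc_setup.exe\n"),
    ("vsdc_setup.exe", datetime(2019, 4, 10, 9, 0),
     "[ZoneTransfer]\nZoneId=3\nHostUrl=http://vendor.example/vsdc_setup.exe\n"),
    ("notes.pdf", datetime(2019, 3, 5, 8, 30), ""),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On an NTFS volume the text for each file can be read from its `Zone.Identifier` alternate data stream, for example with `open(path + ":Zone.Identifier")`. A file that falls in the window is a reason to run the scan described above, not proof of infection.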


The information is gathered from The Hacker News.