Popular video and sound editing website VSDC hacked to propagate banking Trojans
Researchers blame poor website security for the attack that compromised users' PCs with banking Trojan malware
Video editing website VSDC has been compromised by hackers, according to security researchers at Doctor Web.
After hijacking download links on the website, the attackers were able to infect it with a banking Trojan (Win32.Bolik.2) and information stealer (Trojan.PWS.Stealer).
VSDC is a free software package for editing video and sound, and figures from SimilarWeb estimate that it is used by around 1.3 million people.
Despite the fact that VSDC has a large user base, Doctor Web said the "security measures taken by the website's developers often turn out to be insufficient for such traffic volume" and endanger "a large number of people".
"Last year unknown hackers gained access to the administrative side of the VSDC website and replaced the download links," warned the researchers.
"Instead of the editing software, users received a JavaScript file, which then downloaded the AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor."
Since that incident, Doctor Web claimed that the site had been "compromised several times" and that one "such hack led to the website being compromised again between 2019-02-21 and 2019-03-23".
This time, however, the hackers took a different approach, embedding malicious JavaScript code in the website.
Dr Web continued: "The task was to determine the visitor's geolocation and replace download links for users from the UK, USA, Canada and Australia."
The links included:
- https://thedoctorwithin[.]com/video_editor_x64.exe
- https://thedoctorwithin[.]com/video_editor_x32.exe
- https://thedoctorwithin[.]com/video_converter.exe
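Because the replacement ran in visitors' browsers and only for certain countries, a site owner would need to compare the rendered page from several regions to notice it. The sketch below is an added example, not code from Doctor Web or VSDC: it assumes post-JavaScript DOM snapshots have already been captured per region by a headless browser, and the page URL, allowed hosts and sample snapshots are all constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed values (not from the article): the vendor's page and its download hosts.
PAGE_URL = "https://www.vendor.example/download"
ALLOWED_HOSTS = {"www.vendor.example", "downloads.vendor.example"}
INSTALLER_EXTS = (".exe", ".msi", ".zip")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in a DOM snapshot."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def installer_links(html):
    """Absolute URLs of all installer links found in one snapshot."""
    parser = LinkCollector()
    parser.feed(html)
    urls = {urljoin(PAGE_URL, h) for h in parser.hrefs}
    return {u for u in urls if urlsplit(u).path.lower().endswith(INSTALLER_EXTS)}

def audit(snapshots):
    """snapshots maps region -> rendered HTML. Returns (off_site, geo_divergent)."""
    per_region = {r: installer_links(h) for r, h in snapshots.items()}
    off_site = sorted(
        (region, url)
        for region, links in per_region.items()
        for url in links
        if (urlsplit(url).hostname or "") not in ALLOWED_HOSTS
    )
    # Different link sets per region indicate geolocation-targeted replacement.
    geo_divergent = len({frozenset(l) for l in per_region.values()}) > 1
    return off_site, geo_divergent

# Constructed sample snapshots; cdn.attacker.example is a made-up stand-in host.
SNAPSHOTS = {
    "DE": '<a href="/files/video_editor_x64.exe">Download</a>',
    "GB": '<a href="https://cdn.attacker.example/video_editor_x64.exe">Download</a>',
}

if __name__ == "__main__":
    print(audit(SNAPSHOTS))
```

Either signal on its own is worth an alert: an installer link pointing off the allowed hosts, or link sets that differ between regions.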
Users would also have downloaded the Win32.Bolik.2 banking Trojan, which Doctor Web said performs web injections, traffic intercepts, key-logging and steals information. The researchers identified at least 565 cases of this infection.
On Friday 22nd March, the attackers also infected the website with KPOT stealer (Trojan.PWS.Stealer) malware. "This Trojan steals information from browsers, Microsoft accounts, several messengers and some other programs. In just one day it was downloaded by 83 users," said the researchers.
They added: "The VSDC developers were notified about the threat; and at the present moment, download links were restored to the originals. However, Doctor Web experts recommend that all VSDC users check their devices with our antivirus software."