Native website links were substituted by links to another compromised website: Its task was to determine the visitor’s geolocation and replace download links for users from the UK, USA, Canada and Australia. This time hackers took a different approach to spreading the malware: they embedded a malicious JavaScript code inside the VSDC website. Web claims that the compromise occurred several times between February 21st and March 23rd and hackers went for different compromise tactics: While previously malicious managed to access the administrative servers, this time they took advantage of one of the developer's machines. Hackers took a different approach than previously Īccording to VSDC video editor authors, the culprit for such intrusion occurred most likely due to unpatched software vulnerability, which has been fixed since the time of the official report by Dr.
At the time, the download links effectively executed a JavaScript file, which would consequently install AZORult Stealer, X-Key Keylogger and the DarkVNC backdoor. Considering such a high number of visitors, the security measures of the developers deemed to be unsuccessful once again, as the site was hijacked several times last summer.
.jpg "vsdc reverse video")
VSDC is a free application, and its official download website attracts almost 1.3 million monthly visitors, putting a lot of users at the infection risk.
According to researchers, the download links for the program were hijacked, which allowed hackers to place a dangerous Win32.Bolik.2 banking trojan and (KPOT stealer) to be distributed along the original VSDC application. Web published a report which claims that the official website of a popular multimedia editing software VSDC was distributing malware between late February to late March this year. Security researchers uncovered VSDC site compromise: download links of a popular video editing tool incorporated banking torjan and an info-stealer VSDC video and audio editing software site was hijacked again: download links infected with Win32.Bolik.2 banking trojan and KPOT stealer
0 kommentar(er)
