What is the issue - Doctor Web researchers found that attackers compromised the website of the free multimedia editor VSDC and hijacked its download links to distribute the Win32.Bolik.2 banking trojan and the Trojan.PWS.Stealer info stealer (KPOT stealer).
Why it matters - Doctor Web researchers revealed that at least 565 users who downloaded the VSDC editor had their computers infected with the Win32.Bolik.2 banking trojan, while another 83 users had their computers infected with the KPOT info stealer.
The big picture
Researchers noted that the VSDC developer’s computer has been compromised several times in the past, which led to the website being compromised again between February 21, 2019, and March 23, 2019.
“Additionally, on 22.03.2019 the attackers changed the Win32.Bolik.2 trojan to another malware, a variation of the Trojan.PWS.Stealer, KPOT Stealer. This trojan steals information from browsers, Microsoft accounts, several messengers and some other programs,” researchers said in a blog post.
Upon discovery, Doctor Web notified the VSDC developers about the infection, and the developers have since restored the download links. However, anyone who installed the VSDC editor between February 21, 2019, and March 23, 2019, is potentially affected.
What does VSDC have to say?
“Even with a fully-functioning security system guarding our website, we can confirm that it was shortly affected by the attack during the indicated period of time, and unlike the previous case mentioned in your article, the hackers had taken a new approach,” a spokesperson for VSDC told BleepingComputer.