Video Editing Website VSDC download links replaced with key-logger, info-stealer and Remote Access Trojan (RAT)

In a recent cyber attack, a popular website VSDC that provides free audio & video editing and conversion software had been hijacked by malicious programmers to insert different malware strains.

The miscreants changed the download links for the software offered by VSDC, to download links that commenced downloads of malware strains from attacker controlled & operated servers. Upon downloading from these swapped links, the users ended up downloading theft Trojan or Info-stealer, remote access trojan (RAT) and a key-logger program.

The attack was carried out in three stages. The first attack commenced on June 18 2018 when the free video software download link was replaced with third party download links. On July 2 2018 (second instance) and July 6 2018 (third instance), the attacks were carried out and original links were again replaced with third party download links.

The first and third attack caused large scale damage and affected many unsuspecting users in comparison to the second attack. Users who downloaded the video editing software offered by VSDC on these days ended up downloading a JavaScript file instead of the original video editing software executable file.

This JavaScript file was disguised as a Video installer file. On executing the program, the users unknowingly installed below mentioned malware strains in the systems:

• Theft Trojan or Info-stealer – This Trojan is used by the miscreants to steal sensitive and private information such as Skype username/password, telegram username/password, Electrum wallet info and screenshot of the user’s PC.
• Key-logger – This program tracks and records the entire keyboard input by the user on their system while carrying out various different tasks. This is a dangerous program as it can send sensitive and personal information to the miscreant that includes login names and passwords for various websites, banking details, credit and debit card PINs etc.
• Hidden VNC remote access Trojan (RAT) – The third file allows the miscreant the capability to remotely access the user’s system. It allowed them the control over the mouse and keyboard in the new windows desktop created to access the user system.

The VSDC team later admitted to being hacked. They also informed the users that they had taken appropriate steps to prevent any future problems. They mentioned the steps that they have taken to remedy the vulnerabilities.

1. Removal of fake files and restoring the original source files.
2. Passwords have been changed, with character lengths increased significantly from the previous 10-12 characters.
3. Two-level Authentication added to access to the administrator part has been introduced
4. They have installed a special antivirus utility to check all the files for validity regularly.

The VSDC Hijack alerted the VSDC team to be proactive regarding the security of their domain. Users who downloaded the VSDC software on the aforementioned dates can possibly the victims of this VSDC hijack. They are advised to immediately run an anti-virus scan on their systems to get rid of the malware strains.

Hits: 241