

The infostealer steals sensitive information from the victim's machine, including the Telegram account and password, Steam account and password, Skype chat log, Electrum wallet and screenshots.
VSDC users received a JavaScript file disguised as VSDC software. It acted as a downloader for a PowerShell script which, in turn, downloaded three malicious payloads: an infostealer, a keylogger, and a remote access trojan (RAT). VSDC confirmed the incident and fixed the links on its website.

“360 Security Center discovered the download links of a famous audio and video editor, VSDC (), has been hijacked in official website. The computer will be injected by theft Trojan, keylogger and remote control Trojan after the program is downloaded and installed.” reads the analysis published by Qihoo 360 Total Security.

Below the details of the three different attacks:

June 18 – Hackers substituted download links with hxxp://5.79.100.218/_files/file.php.

July 2 – Hackers substituted download links with hxxp:///tw/file.php.

July 6 – Hackers substituted download links with hxxp:///tw/file.php.

The first and third periods affected the most users, who were infected with three different pieces of malware. The experts discovered that attacks were registered from an IP address in Lithuania – 18525.51.133.

The attackers gained access to the administrative server part of the site and replaced the links to the program's distribution file. The experts discovered that hackers hijacked download links on the website in three different periods; the links pointed to servers the attackers operated.
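A site owner can catch this kind of link substitution by auditing the published download page against what it is expected to serve. The sketch below is an added example, not code from VSDC or Qihoo 360; the allowlisted host, the "download" CSS class, the installer extensions and the sample page are all assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions (not from the article): the vendor's download host, the "download"
# CSS class on download buttons, and the installer file types it publishes.
ALLOWED_HOSTS = {"downloads.example.org"}
INSTALLER_EXTS = (".exe", ".msi", ".zip")

# Constructed sample: one intact link, one swapped to a bare documentation IP.
SAMPLE_HTML = """
<a class="download" href="https://downloads.example.org/editor_x64.exe">64-bit</a>
<a class="download" href="http://203.0.113.10/_files/file.php">32-bit</a>
"""

class DownloadLinks(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "download" in (a.get("class") or "").split():
            self.hrefs.append(a.get("href") or "")

def audit_link(href):
    """Return the reasons a download link looks substituted (empty = fine)."""
    url = urlsplit(href)
    host = (url.hostname or "").lower()
    reasons = []
    if url.scheme != "https":
        reasons.append("not-https")
    try:
        ipaddress.ip_address(host)
        reasons.append("ip-literal-host")
    except ValueError:
        pass  # a hostname, not an IP literal
    if host not in ALLOWED_HOSTS:
        reasons.append("host-not-allowlisted")
    if not url.path.lower().endswith(INSTALLER_EXTS):
        reasons.append("not-an-installer-file")
    return reasons

def audit_page(html):
    parser = DownloadLinks()
    parser.feed(html)
    return {h: why for h in parser.hrefs if (why := audit_link(h))}

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
```

Run on a schedule against the live page from outside the web server, so that an attacker with administrative access to the site cannot silence the check.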
