- VSDC’s download link on CNET was pointing to a spoofed website that pushed trojans and malware.
- The link has since been corrected to point to the legitimate website, but if you got VSDC from CNET, run an AV scan now.
- The software is very popular, capable, and free, and that’s why crooks are constantly targeting it.
The download link for the VSDC video editor software on CNET’s Downloads webpage has been compromised by malicious actors, resulting in the downloading of thousands of infected installers. The hackers have set up a spoofed domain at “downloads[.]videosfotdev[.]com”, which serves the installer of the video editing software bundled with a trojan. The discovery was made by the Dr. Web Antivirus team of researchers, and the malicious file is identified as “BackDoor.TeamViewer”. A script in the trojan enables the file to bypass Microsoft Windows Defender protection and to establish communication with the C2 server.
From there, additional payloads and modules are fetched. The researchers have noticed an X-Key Keylogger, the Predator The Thief stealer, the SystemBC trojan-proxy, and a trojan for remote control over the RDP protocol. By looking into the online repositories used to download the additional payloads, the researchers also noticed a fake NordVPN installer, which even comes with a valid digital signature. For a full list of the indicators of compromise that concern this campaign, you may take a look at this GitHub page.
Those of you who have been following the news section here may remember that this is not the first time VSDC has become the target of malicious actors. Back on April 12, 2019, the same team of researchers discovered that hackers had replaced the original installer of the video editor with banking trojans. The malicious files were downloaded by at least 600 people before the software’s team cleaned the download page, but in the case of CNET, the victim count could be a lot higher. Dr. Web informed VSDC again, they contacted CNET, and the link has now been restored to point to the legitimate website.
All that said, one could be wondering why crooks insist on targeting VSDC and what’s so special about it. Simply put, it’s one of the most capable and feature-rich video editors, video converters, audio converters, and CD rippers that is free of charge and doesn’t come with annoying ads. On the contrary, it comes with an easy-to-use, contemporary user interface, performs both reliably and quickly, and supports the vast majority of video and audio formats in existence. Thus, VSDC generates a lot of interest, and there is always a good number of people who are looking to download it.