Website of the VSDC Free Video Editor Compromised to Push Trojans

  • VSDC’s website was compromised by malicious actors who swapped the download links to push trojans.
  • The two trojans targeted banking information of users, and are considered particularly powerful.
  • At least 600 infection cases were recorded, but many more have definitely been victimized over the full month that the actors remained active.

According to a report by the Dr. Web Antivirus researchers, the website of the popular and free to use VSDC video and audio editor and converter has been compromised by malicious actors. The result of this is that website visitors who tried to download the media editing software also received a pretty dangerous banking trojan (Win32.Bolik.2), as well as a password-stealing trojan (KPOT). The researchers estimate the monthly visitors to the VSDC website to be around 1.3 million, so the number of potential infections could be a quite large one.

Further analysis by the researchers has revealed that the period of compromise spanned between February and March 2019, with the hackers incorporating a malicious snippet of JavaScript code which would geo-locate the website’s visitors. If the victim was from the US, UK, Canada, and Australia, the download link would be replaced with a resource that would deliver the editing software bundled with the dangerous trojans. The malicious links used in this attack are:

  • https: // thedoctorwithin [.] com / video_editor_x64.exe
  • https: // thedoctorwithin [.] com / video_editor_x32.exe
  • https: // thedoctorwithin [.] com / video_converter.exe

The Bolik trojan has the properties of a multi-component polymorphic virus, designed for traffic interception, keylogging, data infiltration, and even code injection. It has a long and successful record of deployment against home and corporate banking systems. In addition to this, the attackers pushed KPOT, a stealer that works on browsers, messaging apps, and Microsoft account platforms. By monitoring the infection rates on the compromised websites, Dr. Web researchers counted a total of 565 cases of Bolik infections, and another 83 KPOT stealer infections that occurred over the duration of a single day.

Right now, the website administrators have taken action and replaced the malicious links with the legitimate ones. However, if you have downloaded any of their products in this past couple of months, and especially between 21 February and 23 March this year, you should run a complete system scan using an up to date AV tool immediately. For a full list of the indicators of compromise, check out the relevant ReadMe file on GitHub. On a side note, it is irresponsible and unfortunate that VDSC has not posted anything on their News section and neither on their Twitter handle.

Do you trust and use “free of charge” tools for multimedia editing, or are you paying for a commercial product? Let us know in the comments section beneath, and help us warn others by sharing this post through our socials, on Facebook and Twitter.



Microsoft Launches a Redesigned Notepad for Windows 11

The redesigned Notepad for Windows 11 is now rolling out to Windows Insiders. In its new design, Notepad is aligned with the new...

Instagram Reveals New Tools to Keep Teens Safe, Including Parental Controls

Instagram announced its intent to take a 'stricter approach' regarding the content it shows to teen users. As part of Instagram's new tools,...

Microsoft Seizes Chinese-Based Hacker Group’s Websites

Microsoft has taken down several websites used by the China-backed hacker group called Nickel.The seized websites were used to gather information from...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari