Popular Software Site Hacked to Redirect Users to Keylogger, Infostealer and a Remote Control Trojan

LASER_oneXM

Hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software.

Three different incidents have been recorded during which hackers replaced the download links on the VSDC website with links that initiated downloads from servers operated by the attackers.

Below is a timeline of the hacks and link swaps, according to Chinese security firm Qihoo 360 Total Security, whose experts spotted the hijacks last week.

First hack: June 18
Download link swapped with: hxxp://5.79.100.218/_files/file.php

Second hack: July 2
Download link swapped with: hxxp://drbillbailey.us/tw/file.php

Third hack: July 6
Download link swapped with: hxxp://drbillbailey.us/tw/file.php

Qihoo experts said the first and third hijacks were the ones at a larger scale and affected the most users.

Users infected with three different malware strains

Users who downloaded VSDC software on those days have been infected with three different malware strains. Qihoo says victims received a JavaScript file disguised as VSDC software. This file would download a PowerShell script, which, in turn, would download three other files: an infostealer, a keylogger, and a remote control trojan.

The infostealer is capable of recovering Telegram account passwords, Steam account passwords, Skype chats, Electrum wallet data, and can also take screengrabs of the victim's PC. All collected data is uploaded to an attacker's server at system-check.xyz.

The keylogger is nothing special, collecting keystrokes and uploading them to wqaz.site.

The third file is a mystery because it's a VNC module that allows attackers to take control of the victim's computer. VNC modules are most often found in banking trojans and are rarely used as standalone components, hackers usually preferring the more advanced commercial RATs available on the market.
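One way to hunt for the chain described in the post above in web-proxy logs, as an added example that is not part of the original post or the Qihoo report: it flags clients that contacted the swapped download hosts and then one of the upload domains named above. The log format, client addresses, timestamps and the `notwqaz.site` / `cdn.` hosts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published in the post above (kept defanged here).
DOWNLOAD_IOCS = ["hxxp://5.79.100.218/_files/file.php", "hxxp://drbillbailey.us/tw/file.php"]
EXFIL_IOCS = ["system-check.xyz", "wqaz.site"]

def refang(s):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable form."""
    return re.sub(r"^hxxp", "http", s.strip(), flags=re.I).replace("[.]", ".")

def host_of(value):
    """Lower-cased host of a URL or bare host[:port]; trailing dot removed."""
    value = refang(value)
    return (urlsplit(value if "://" in value else "//" + value).hostname or "").rstrip(".")

DOWNLOAD_HOSTS = {host_of(i) for i in DOWNLOAD_IOCS}
EXFIL_HOSTS = {host_of(i) for i in EXFIL_IOCS}

def matches(host, iocs):
    """True if host equals an indicator host or is a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in iocs)

def hunt(log_lines):
    """Map client -> timestamps of 'download' and 'exfil' hits.
    Assumed (constructed) log format: '<iso_timestamp> <client> <method> <url_or_host>'."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        ts, client, _method, target = parts[:4]
        host = host_of(target)
        for kind, iocs in (("download", DOWNLOAD_HOSTS), ("exfil", EXFIL_HOSTS)):
            if matches(host, iocs):
                hits.setdefault(client, {"download": [], "exfil": []})[kind].append(ts)
    return hits

def likely_infected(hits):
    """Clients that fetched a swapped download and later contacted an upload server."""
    return sorted(c for c, h in hits.items()
                  if h["download"] and h["exfil"] and min(h["download"]) < max(h["exfil"]))

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2024-01-01T10:00:01Z 10.0.0.5 GET " + refang(DOWNLOAD_IOCS[0]),
    "2024-01-01T10:02:40Z 10.0.0.5 CONNECT system-check.xyz:443",
    "2024-01-01T10:03:00Z 10.0.0.7 GET http://notwqaz.site/index.html",
    "2024-01-01T10:04:00Z 10.0.0.8 POST http://cdn.WQAZ.site/u",
    "2024-01-01T10:05:00Z 10.0.0.9 GET " + refang(DOWNLOAD_IOCS[1]),
]
```

Clients with only a download hit or only an upload-domain hit still appear in the `hunt` result and are worth a manual look, since proxy logs may not cover every hop of the chain.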