Users infected with three different malware strains
Users who downloaded VSDC software on those days have been infected with three different malware strains.
Qihoo says victims received a JavaScript file disguised as VSDC software. This file would download a PowerShell script, which, in turn, would download three other files: an infostealer, a keylogger, and a remote control trojan.
The infostealer can recover Telegram account passwords, Steam account passwords, Skype chats, and Electrum wallet data, and can also take screengrabs of the victim's PC. All collected data is uploaded to an attacker's server at system-check.xyz.
The keylogger is nothing special, collecting keystrokes and uploading them to wqaz.site.
The third file is a mystery because it's a VNC module that allows attackers to take control of the victim's computer. VNC modules are most often found in banking trojans and are rarely used as standalone components, as hackers usually prefer the more advanced commercial RATs available on the market.
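For defenders checking whether a machine was hit, here is an added triage example (not code from Qihoo or from the article) that flags hosts whose telemetry shows a script host launching PowerShell and DNS lookups for the two upload domains named above. The script-host parent process (wscript.exe/cscript.exe), the event field names, and the sample hosts are assumptions; the article only says the dropper was a JavaScript file.

```python
from collections import defaultdict

# Upload domains named in the article, mapped to the component that uses them.
UPLOAD_DOMAINS = {"system-check.xyz": "infostealer", "wqaz.site": "keylogger"}
# Assumption: the .js dropper runs under Windows Script Host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def match_domain(query):
    """Return the component for an exact or subdomain match, else None."""
    q = query.strip().rstrip(".").lower()
    for domain, stage in UPLOAD_DOMAINS.items():
        if q == domain or q.endswith("." + domain):
            return stage
    return None

def triage(events):
    """Group findings per host; a host showing both signals is 'high'."""
    findings = defaultdict(set)
    for ev in events:
        if ev["type"] == "process":
            if basename(ev["parent"]) in SCRIPT_HOSTS and basename(ev["image"]) in POWERSHELL:
                findings[ev["host"]].add("script-host->powershell")
        elif ev["type"] == "dns":
            stage = match_domain(ev["query"])
            if stage:
                findings[ev["host"]].add("upload:" + stage)
    report = {}
    for host, tags in findings.items():
        has_chain = "script-host->powershell" in tags
        has_upload = any(t.startswith("upload:") for t in tags)
        severity = "high" if has_chain and has_upload else "medium" if has_upload else "low"
        report[host] = (severity, sorted(tags))
    return report

# Constructed sample telemetry (hosts and paths are invented for the example).
SAMPLE = [
    {"host": "pc-01", "type": "process", "parent": r"C:\Windows\System32\wscript.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "pc-01", "type": "dns", "query": "System-Check.xyz."},
    {"host": "pc-01", "type": "dns", "query": "wqaz.site"},
    {"host": "pc-02", "type": "dns", "query": "cdn.wqaz.site"},
    {"host": "pc-03", "type": "dns", "query": "notwqaz.site"},
    {"host": "pc-04", "type": "process", "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for host, (sev, tags) in sorted(triage(SAMPLE).items()):
        print(host, sev, ", ".join(tags))
```

The suffix match requires a leading dot, so look-alike names such as notwqaz.site are not flagged, and PowerShell started from explorer.exe is ignored.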