{
	"id": "0aa01871-bd60-4fc0-b8db-046e8d8d0f6d",
	"created_at": "2026-04-06T00:06:41.332925Z",
	"updated_at": "2026-04-10T13:12:05.448936Z",
	"deleted_at": null,
	"sha1_hash": "7d8b37a85e0c509df53d60ed5722c3f98b424088",
	"title": "The official website of a popular video editing software was infected with a banking trojan",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 111087,
	"plain_text": "The official website of a popular video editing software was\r\ninfected with a banking trojan\r\nPublished: 2019-04-11 · Archived: 2026-04-05 21:55:46 UTC\r\nBy continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies\r\nrelated to the collection of visitor statistics.\r\nLearn more\r\n11.04.2019\r\nReal-time threat news | Hot news | All the news | Virus alerts\r\nApril 11, 2019\r\nDoctor Web researchers discovered that the official website of a well-known video editing software, VSDC,\r\nwas compromised. The hackers hijacked download links on the website causing visitors to download a\r\ndangerous banking trojan, Win32.Bolik.2, and the Trojan.PWS.Stealer (KPOT stealer) along with the\r\nediting software.\r\nVSDC is a popular, free software for editing video and sound. According to SimilarWeb statistics, monthly visits\r\nof the VSDC website come close to 1.3 million users. However, the security measures taken by the website’s\r\ndevelopers often turn out to be insufficient for such traffic volume, which endangers a large number of people.\r\nLast year unknown hackers gained access to the administrative side of the VSDC website and replaced the\r\ndownload links. Instead of the editing software, users received a JavaScript file, which then downloaded the\r\nAZORult Stealer, X-Key Keylogger and the DarkVNC backdoor. The VSDC team stated that they closed the\r\nvulnerability, but recently we received information about additional cases of infection through their website.\r\nhttps://news.drweb.com/show/?i=13242\u0026lng=en\r\nPage 1 of 3\n\nAccording to our researchers, the VSDC developer’s computer has been compromised several times since the\r\nprevious incident. One such hack led to the website being compromised again between 2019-02-21 and 2019-03-\r\n23. This time hackers took a different approach to spreading the malware: they embedded a malicious JavaScript\r\ncode inside the VSDC website. Its task was to determine the visitor’s geolocation and replace download links for\r\nusers from the UK, USA, Canada and Australia. Native website links were substituted by links to another\r\ncompromised website:\r\nhttps://thedoctorwithin[.]com/video_editor_x64.exe\r\nhttps://thedoctorwithin[.]com/video_editor_x32.exe\r\nhttps://thedoctorwithin[.]com/video_converter.exe\r\nUsers that downloaded software from that website also received a dangerous banking trojan, Win32.Bolik.2. Same\r\nas its predecessor, Win32.Bolik.1, this malware has qualities of a multicomponent polymorphic file virus. Trojans\r\nof this family are designed to perform web injections, traffic intercepts, key-logging and stealing information from\r\ndifferent bank-client systems. At the moment we have information on at least 565 cases of infection with this\r\ntrojan via videosoftdev.com site. It’s worth mentioning that so far only Dr.Web products successfully detect all the\r\ntrojan’s components.\r\nAdditionally, on 22.03.2019 the attackers changed the Win32.Bolik.2 trojan to another malware, a variation of the\r\nTrojan.PWS.Stealer, KPOT Stealer. This trojan steals information from browsers, Microsoft accounts, several\r\nmessengers and some other programs. In just one day it was downloaded by 83 users.\r\nThe VSDC developers were notified about the threat; and at the present moment, download links were restored to\r\nthe originals. However, Doctor Web experts recommend that all VSDC users check their devices with our\r\nantivirus.\r\nIndicators of compromise\r\n#banker #banking_trojan #virus\r\n13242 en 5\r\n0\r\nDoctor Web’s Q1 2026 review of virus activity on mobile devices\r\n01.04.2026\r\nVirus reviews\r\nRead\r\nDoctor Web’s Q1 2026 virus activity review\r\n01.04.2026\r\nVirus reviews\r\nhttps://news.drweb.com/show/?i=13242\u0026lng=en\r\nPage 2 of 3\n\nRead\r\nDr.Web for personal computers receives SKD AWARDS product excellence distinction\r\n24.03.2026\r\nCorporate news | Dr.Web products\r\nRead\r\nSource: https://news.drweb.com/show/?i=13242\u0026lng=en\r\nhttps://news.drweb.com/show/?i=13242\u0026lng=en\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://news.drweb.com/show/?i=13242\u0026lng=en"
	],
	"report_names": [
		"?i=13242\u0026lng=en"
	],
	"threat_actors": [],
	"ts_created_at": 1775434001,
	"ts_updated_at": 1775826725,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7d8b37a85e0c509df53d60ed5722c3f98b424088.pdf",
		"text": "https://archive.orkl.eu/7d8b37a85e0c509df53d60ed5722c3f98b424088.txt",
		"img": "https://archive.orkl.eu/7d8b37a85e0c509df53d60ed5722c3f98b424088.jpg"
	}
}