Yet Another Supply Chain Attack

This time it is the video editing software package VSDC.

Downloads between February 21st and March 23rd were infected with two different pieces of malware:

  • Win32.Bolik.2 banking trojan and
  • KPOT Stealer

Targeted users were served with a dangerous banking trojan designed to perform “web injections, traffic intercepts, key-logging and stealing information from different bank-client systems.”

Moreover, on March 22 the attackers swapped the Win32.Bolik.2 trojan for KPOT Stealer, a variant of Trojan.PWS.Stealer that steals information from web browsers, Microsoft accounts, several messenger services and some other programs.

Once again the attack was targeted.  In this case only visitors from the U.S., U.K., Canada and Australia (curiously, 4 of the “Five Eyes” countries) were meant to be attacked.

Again, a limited number of visitors were compromised – 565 were infected with the banking trojan and 83 with the information stealer – but it points to a larger problem.

The VSDC web site gets a fair amount of traffic.  Alexa gives it a rank of 19,167, meaning that it is in the top 20,000 of the millions of websites worldwide by number of visitors.  One would think that a site as busy as that would have good security, but it doesn’t even use HTTPS.

Hackers, whether nation-state or otherwise, have figured out that it is easier to let users hack themselves than to try to infect users’ systems.

Rather than trying to break into users’ computers, they wait until they are welcomed in by the victims in the form of a software update.

Whether it is Asus, CCleaner, WannaCry or many others, the attacks keep on coming because attackers know they can find web sites that are not secure and which can therefore be compromised.

Are there “sleeper” web sites out there – already infected and just waiting to be called into service?  Going after thousands of visitors or, maybe, just one.  If the one is the right one – say a nuclear power plant, perhaps – the damage could be severe, to say the least.

For now, businesses and home users alike need to revisit their supply chain security and figure out how to tighten up security or risk being the next target of a supply chain attack.  So far, it seems like most of them have been specifically targeted, but that does not mean this will be the case going forward.

Also remember, this is only ONE FORM of supply chain attack.  Do not be blinded into thinking that if you fix this particular supply chain problem you are safe.  You must look at them all.

Unfortunately, if there is a silver bullet to solve this problem, we have not found it yet.

Source: The Hacker News.