Top software download site came with a backdoor for hackers

One of the world’s most popular software download sites was hijacked by hackers to deliver malware alongside commonly-used programs, researchers have claimed.

According to a Dr. Web report, a link to download the free VSDC video converter tool from CNET’s website was compromised, instead forcing users to download a modified installer which came bundled with a trojan.

This malware then allowed hackers to bypass the preinstalled antivirus programs installed on a victim’s device and take control of the system.

VSDC download compromised

The report claims that the hackers were able to compromise the downloads link on CNET’s site to target victims based on the geographic location. Some users in certain markets were able to download the genuine software, while the others got the compromised one.

Once the malicious software was installed, it was able to connect to a remote server and download additional modules like a trojan for remote-control RDP protocol, Predator The Thief stealer, SystemBC trojan-proxy and an X-Key logger.

Among other files on the server, the security agency, also traced a compromised NordVPN installer file. A spokesperson for the company said that “The NordVPN app has not been available for download from CNET for years; it has not been hosted there since around 2017. This whole case seems rather dubious, especially having in mind that the information on the matter is extremely vague; however, we have reached out to CNET and asked for their comment. We can only confirm that this has nothing to do with our service or the integrity of our applications. Meanwhile, we always strongly suggest our customers download our apps only from the official sources – https://nordvpn.com, Google Play Store, or Apple Store.”

According to internet statistics, CNET’s download page has over 90 million users per month which allowed the hackers got access to a huge user-base to target. Since, VSDC is well known free software for video editing, video conversion and is used to burn files on CDs, the hackers decided to target the users looking to download it.

The security experts at Doctor Web have deleted the infected files from the server and the users who had downloaded the video editor using the link from CNET’s websites are suggested to run an antivirus scan on their computers.

[“source=techradar”]