Hackers have breached the website of VSDC, a popular company that provides free audio and video conversion and editing software.
In three separate incidents, hackers replaced the download links on the VSDC website with links that initiated downloads from servers operated by the attackers.
Below is a timeline of the hacks and link swaps, according to Chinese security firm Qihoo 360 Total Security, whose experts spotted the hijacks last week.
Qihoo experts said the first and third hijacks were the larger ones and affected the most users.
The infostealer is capable of recovering Telegram account passwords, Steam account passwords, Skype chats, Electrum wallet data, and can also take screengrabs of the victim's PC. All collected data is uploaded to an attacker's server at system-check.xyz.
The keylogger is nothing special, collecting keystrokes and uploading them to wqaz.site.
Qihoo describes the third file as a VNC module that grants the attacker control over an infected user's PC. But while Qihoo did not specifically identify this malware, Ivan Korolev, a security researcher with Dr.Web, says the file was a version of DarkVNC, a lesser-known RAT.
To its credit and unlike many companies nowadays, VSDC admitted to the hacks in an email to Bleeping Computer.
"Unfortunately, we did have hacker attacks, but they have already been stopped and all the vulnerabilities detected and removed," Alexander Galkin, a VSDC Project Manager, told us.