Hackers caught using CNET website to spread nasty malware


Yet another attempt by hackers to drop malware through CNET’s download section.


The Russian cyber security firm Dr. Web has revealed it caught hackers using the CNET website to spread nasty malware through its software download section.


According to researchers, the download link for a popular video player, VSDC, was compromised on its CNET page. When users went to download the software, they did receive the original program, but it had been modified to include malicious programs.

The attack works as a two-fold process. Firstly, when the user clicks on the link, they are redirected to downloads[.]videosfotdev[.]com, “which is a spoofed domain name controlled by hackers.” The user then downloads a modified installation setup “but with a valid digital signature,” explained Dr. Web.




According to Dr. Web’s blog post, whether a user is redirected depends on their location, so those not targeted end up on the original site.
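Because the modified installer carried a valid digital signature, the download host is the more useful thing to check. The Python sketch below is an added example, not code from Dr. Web or the original article: it flags download hosts that are near-misses of an allow-listed vendor domain. The allow-list entry videosoftdev.com and the sample redirect records are assumptions constructed for illustration.

```python
# Added example: flag download hosts that nearly match an allow-listed vendor domain.
ALLOWED = {"videosoftdev.com"}  # assumption: vendor domain, not stated in the article

# Constructed sample records: (referring page, final download host).
SAMPLE_REDIRECTS = [
    ("download.cnet.com", "downloads[.]videosfotdev[.]com"),  # host quoted in the article
    ("download.cnet.com", "downloads.videosoftdev.com"),      # constructed
    ("download.cnet.com", "cdn.example.net"),                 # constructed
]

def osa_distance(a, b):
    """Edit distance that also counts one adjacent-letter swap as a single edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def registrable(host):
    """Refang and keep the last two labels (naive; production code needs the Public Suffix List)."""
    host = host.replace("[.]", ".").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(host, max_dist=2):
    """Return 'allowed', 'lookalike' (within max_dist edits of an allowed domain) or 'unknown'."""
    dom = registrable(host)
    if dom in ALLOWED:
        return "allowed"
    if any(osa_distance(dom, good) <= max_dist for good in ALLOWED):
        return "lookalike"
    return "unknown"

def flagged(events):
    """Registrable domains of redirect targets that look like an allowed domain but are not."""
    return [registrable(dst) for _, dst in events if classify(dst) == "lookalike"]

if __name__ == "__main__":
    for src, dst in SAMPLE_REDIRECTS:
        print(src, "->", dst, ":", classify(dst))
```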



The screenshot provided by Dr. Web shows the download file available on CNET.



Secondly, as for the process itself, two additional folders are created in the %userappdata% directory, apart from the original editor’s files. Ou ..
