VSDC

VSDC, headquartered in New Zealand, operates as a software development company known for its multimedia editing products. The organization's core business involves creating and distributing consumer-level video and audio editing software, serving a global user base seeking accessible creative tools. Its flagship product, the VSDC Free Video Editor, is frequently referenced in its public-facing materials and security incident reports, establishing its market position in the competitive digital content creation space. The company's operational model centers on direct-to-consumer distribution via its website, where users download the software, making the integrity of its online distribution channel critical to its business. This reliance on web-based delivery has periodically placed its infrastructure at the center of security incidents, shaping its public profile as much as its product offerings.

The company's history includes multiple significant security breaches targeting its website infrastructure. In July 2018, attackers compromised the site, replacing legitimate download links with malicious ones that redirected users to attacker-controlled servers. Users were tricked into downloading JavaScript files disguised as software, which then executed PowerShell scripts to deploy a suite of malware including an infostealer targeting credentials and cryptocurrency wallets, a keylogger, and a remote access trojan. The incident prompted a comprehensive response: VSDC rebuilt its website infrastructure, enforced stronger authentication with two-factor authentication and complex passwords, and implemented file integrity monitoring. A similar compromise recurred in February 2019, where malicious JavaScript was embedded to redirect users from specific countries to a site hosting trojanized software. This delivered a banking trojan with web injection and traffic interception capabilities, alongside an infostealer targeting browser data, Microsoft accounts, and messaging apps, confirming over 600 infections. The vendor restored legitimate downloads and announced enhanced security measures, noting that only website files were modified while administrative systems and core program files remained secure. These repeated attacks, with one incident linked to a Lithuanian IP address, underscore a persistent threat to its distribution model and a documented pattern of vulnerability followed by remediation efforts.