VLC is probably one of the most popular media players for any type of audio or video formats. However, Chinese hackers are reportedly using VLC media player, which is used by millions, to launch malware attacks. According to Symantec’s Cybersecurity experts, the Chinese hackers called Cicada (aka menuPass, Stone Panda, APT10, Potassium, and Red Apollo) are using VLC on Windows to launch malware attacked used to spy on governments and related organizations.
According to the report, Cicada has targeted legal and non-profit sectors, as well organizations working in the fields of education and religion. The hacking group is said to have targeted a number of countries, including the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy, while the group also has one victim in Japan.
The malware deployed to the victims of the attack opens doors for hackers to obtain all kinds of information. It allows them to obtain knowledge on everything about the system, scour through running processes, and download files on command, which broadens the potential misuse.
These attacks involving VLC Media Player are reportedly used for espionage purposes and once these Chinese hackers gained access to a victim’s machine, they were able to maintain it for up to nine months. According to Bleeping Computer, VLC Media Player may have been exploited for deploying the malware, but the file itself was clean.
The report explained that a safe version of VLC was combined with a malicious DLL file located in the place as the export functions of the media player. This is referred to as DLL side-loading, and Cicada is not the only one using this technique to upload malware into programs that are otherwise secure.
The custom loader used by the Chinese hacking group has apparently been used in other attacks in the past that were also connected to Cicada. In order to gain access to the networks that were breached, a Microsoft Exchange Server was exploited. Additionally, a WinVNC server was deployed as a means of establishing remote control over the systems affected by the hidden malware.
Furthermore, an exploit called Sodamaster was used, which runs stealthily in the system memory without requiring any files. It is capable of avoid detection and can delay execution at startup. However, the report states that not all VLC media players need to worry since the VLC file in question was clean and hackers seem to have a very targeted approach, centered on certain entities.
VLC Media Player has not release a statement in this regard.
Read more: Twitter is Finally Getting an Edit Button.