VLC is one of the most widely used media players for all types of music and video files. However, Chinese hackers are allegedly using the VLC media player, which is used by millions of people, to launch malware attacks. According to Symantec's cybersecurity specialists, Chinese hackers known as Cicada (also known as menuPass, Stone Panda, APT10, Potassium, and Red Apollo) are utilising VLC on Windows to launch malware attacks against governments and other businesses.
According to the study, Cicada has allegedly targeted the legal and non-profit sectors and organisations operating in the spheres of education and religion. The hacker organisation is alleged to have targeted the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Italy, and one victim in Japan.
The malware distributed to the victims of the attack allows hackers to access a wide range of data. It enables them to learn everything about the system, search through running processes, and download files on command, expanding the scope of possible abuse.
These VLC Media Player attacks are said to be used for espionage, and once the Chinese hackers acquired access to a victim's computer, they were able to maintain it for up to nine months. VLC Media Player may have been used to spread the malware, but the file itself was clean, according to Bleeping Computer.
According to the study, a clean version of VLC was combined with a malicious DLL file located in the same directory as the media player's export functions. This is known as DLL side-loading, and Cicada isn't the only group that uses it to inject malware into otherwise legitimate apps.
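A defender can look for this pattern in image-load telemetry: a module loaded from the host program's own folder that carries no valid signature. The sketch below is an added example, not code from Symantec's report or this article; it assumes records that use Sysmon Event ID 7 field names, and every path plus the DLL name `example_module.dll` is a constructed placeholder.

```python
import ntpath  # Windows path semantics on any OS

# Constructed sample records using Sysmon Event ID 7 (image load) field names.
# Signed / SignatureStatus describe the loaded module, not the host process.
# All paths and the DLL name example_module.dll are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlccore.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\app\vlc.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\app\vlc.exe",
     "ImageLoaded": r"C:\Users\Public\app\example_module.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]


def has_valid_signature(event):
    """True only when the loaded module is signed and the signature verified."""
    return (event.get("Signed", "").lower() == "true"
            and event.get("SignatureStatus", "").lower() == "valid")


def loaded_from_app_dir(event):
    """True when the module sits in the host executable's folder or below it."""
    app_dir = ntpath.normcase(ntpath.dirname(event["Image"]))
    module = ntpath.normcase(event["ImageLoaded"])
    return module.startswith(app_dir + "\\")


def find_sideload_candidates(events):
    """Return (host executable, module) pairs worth an analyst's review."""
    hits = []
    for ev in events:
        if not ev["ImageLoaded"].lower().endswith(".dll"):
            continue
        if loaded_from_app_dir(ev) and not has_valid_signature(ev):
            hits.append((ev["Image"], ev["ImageLoaded"]))
    return hits


if __name__ == "__main__":
    for host, module in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"review: {host} loaded unverified {module}")
```

A hit is a lead for review rather than a verdict, since some legitimate software ships unsigned modules alongside its executable.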
The custom loader used by the Chinese hacking outfit has reportedly been utilised in prior Cicada-related attacks. A Microsoft Exchange Server was used to get access to the networks that had been hacked. In addition, a WinVNC server was installed to allow remote control of the systems infected with the concealed malware.
In addition, an exploit known as Sodamaster was employed, which runs silently in system memory without the need for any files. It can avoid detection and postpone execution upon startup. However, according to the research, not all VLC media player users should be concerned, because the VLC file in question was clean and the hackers target certain businesses.