VLC is a very popular video and audio player as it covers a number of formats that video and audio players built into operating systems like Windows and macOS don’t. But it apparently now has a dark side. A Chinese hacking group known as Cicada is reportedly leverages VLC to load malware onto devices for espionage. As reported by cybersecurity researchers at Symantec, the hacking group targeted governments and related organizations, legal and non-profit businesses, and organizations with religious connections. The group hit targets in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.
The way it works is that the group exploits legitimate versions of VLC by launching a “custom loader” via the software’s ‘Exports’ function. Then it uses the ‘WinVNC’ tool to gain remote control of the victim’s machine. At this point the computer is effective pwned, and the hackers can then deploy a hacking tool called ‘Sodamaster’ to evade detection and scan systems, download more malicious packages, and conceal communications to their command and control server.
What’s really scary about this is that attacks are thought to be ongoing. Which of course is bad. The best advice that I can give you is the usual advice. Which is maintaining up-to-date security software, using strong passwords, and backing up important data.
Like this:
Like Loading...
Related
This entry was posted on April 10, 2022 at 5:19 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The IT Nerd 
Chinese Hackers Use VLC In Targeted Attacks
VLC is a very popular video and audio player as it covers a number of formats that video and audio players built into operating systems like Windows and macOS don’t. But it apparently now has a dark side. A Chinese hacking group known as Cicada is reportedly leverages VLC to load malware onto devices for espionage. As reported by cybersecurity researchers at Symantec, the hacking group targeted governments and related organizations, legal and non-profit businesses, and organizations with religious connections. The group hit targets in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.
The way it works is that the group exploits legitimate versions of VLC by launching a “custom loader” via the software’s ‘Exports’ function. Then it uses the ‘WinVNC’ tool to gain remote control of the victim’s machine. At this point the computer is effective pwned, and the hackers can then deploy a hacking tool called ‘Sodamaster’ to evade detection and scan systems, download more malicious packages, and conceal communications to their command and control server.
What’s really scary about this is that attacks are thought to be ongoing. Which of course is bad. The best advice that I can give you is the usual advice. Which is maintaining up-to-date security software, using strong passwords, and backing up important data.
Share this:
Like this:
Related
This entry was posted on April 10, 2022 at 5:19 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.