Chinese Hackers Use VLC In Targeted Attacks

VLC is a very popular video and audio player as it covers a number of formats that video and audio players built into operating systems like Windows and macOS don’t. But it apparently now has a dark side. A Chinese hacking group known as Cicada is reportedly leverages VLC to load malware onto devices for espionage. As reported by cybersecurity researchers at Symantec, the hacking group targeted governments and related organizations, legal and non-profit businesses, and organizations with religious connections. The group hit targets in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.

The way it works is that the group exploits legitimate versions of VLC by launching a “custom loader” via the software’s ‘Exports’ function. Then it uses the ‘WinVNC’ tool to gain remote control of the victim’s machine. At this point the computer is effective pwned, and the hackers can then deploy a hacking tool called ‘Sodamaster’ to evade detection and scan systems, download more malicious packages, and conceal communications to their command and control server.

What’s really scary about this is that attacks are thought to be ongoing. Which of course is bad. The best advice that I can give you is the usual advice. Which is maintaining up-to-date security software, using strong passwords, and backing up important data.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: