VLC is a very popular media player. It takes up little disk space, starts quickly and plays almost every video format, which makes it a fan favorite. Now, a new report suggests that attackers are abusing that popularity, and the trust that comes with it, to run malware on users' Windows PCs.

According to a report by cybersecurity researchers from Symantec, a state-sponsored Chinese group known as Cicada (also tracked as APT10) is using the VLC media player to launch malware on Windows PCs and spy on government, legal, religious, telecommunications, pharmaceutical and non-governmental organizations (NGOs). Targets are spread across several regions, including Europe, Asia and North America; victims of Cicada's attacks have been identified in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Italy and Japan.

According to the report, the attackers use a legitimate copy of the VLC media player to launch a custom loader through VLC's exports function. In plain terms, this is DLL side-loading: the genuine VLC executable is dropped alongside a malicious library that carries the name VLC expects, so when VLC starts and calls into that library it is the attacker's loader, not VLC's own code, that runs. Because the process that executes the malicious code is a well-known, legitimately signed media player, the activity is easy to overlook. The attackers then use the WinVNC tool to remotely control the victims' machines.
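The side-loading pattern described above leaves a telemetry trail: a copy of vlc.exe running from a path it was never installed to, or loading a VLC library that is unsigned or sits in a different directory from the executable. The following is an added example, not code from Symantec's report or from VideoLAN, of a hunting rule that applies those checks to Sysmon-style image-load records (Event ID 7 fields: Image, ImageLoaded, Signed, Signature). The library names, the expected publisher string, the install roots and the sample events are all constructed assumptions; tune them against a known-good VLC install in your own environment before relying on the rule.

```python
# Added example (not Symantec's or VideoLAN's code): hunting rule for the VLC
# DLL side-loading pattern, run over constructed Sysmon-style image-load
# records. Library names, publisher and install roots are assumptions that
# must be baselined against a known-good VLC install.
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ImageLoad:
    process_image: str  # Sysmon "Image": the process that loaded the DLL
    loaded_image: str   # Sysmon "ImageLoaded": full path of the DLL
    signed: bool        # Sysmon "Signed"
    signer: str         # Sysmon "Signature" (publisher), "" if unsigned


# Assumptions about what a legitimate VLC install looks like (verify locally).
EXPECTED_SIGNER = "VideoLAN"
VLC_LIBRARIES = {"libvlc.dll", "libvlccore.dll"}
INSTALL_ROOTS = (
    PureWindowsPath(r"C:\Program Files\VideoLAN"),
    PureWindowsPath(r"C:\Program Files (x86)\VideoLAN"),
)


def _under(path: PureWindowsPath, root: PureWindowsPath) -> bool:
    """True if path is root or lies below it; PureWindowsPath compares case-insensitively."""
    return path == root or root in path.parents


def sideload_indicators(ev: ImageLoad) -> list[str]:
    """Return the reasons this image load looks like VLC side-loading ([] if benign)."""
    proc = PureWindowsPath(ev.process_image)
    dll = PureWindowsPath(ev.loaded_image)
    # Only vlc.exe loading one of its own core libraries is in scope.
    if proc.name.lower() != "vlc.exe" or dll.name.lower() not in VLC_LIBRARIES:
        return []
    reasons = []
    if not any(_under(proc.parent, root) for root in INSTALL_ROOTS):
        reasons.append(f"vlc.exe running outside its install directory: {proc.parent}")
    if dll.parent != proc.parent:
        reasons.append(f"VLC library loaded from a different directory: {dll.parent}")
    if not ev.signed or ev.signer != EXPECTED_SIGNER:
        reasons.append("VLC library not signed by the expected publisher")
    return reasons


def hunt(events: list[ImageLoad]) -> list[tuple[ImageLoad, list[str]]]:
    """Reduce a batch of image loads to the suspicious ones, each with its reasons."""
    hits = []
    for ev in events:
        reasons = sideload_indicators(ev)
        if reasons:
            hits.append((ev, reasons))
    return hits


# Constructed sample telemetry (not real captured data).
SAMPLE_EVENTS = [
    # Legitimate VLC: installed location, library beside the binary, signed.
    ImageLoad(r"C:\Program Files\VideoLAN\VLC\vlc.exe",
              r"C:\Program Files\VideoLAN\VLC\libvlc.dll", True, "VideoLAN"),
    # Side-loading pattern: genuine vlc.exe dropped into a writable path next
    # to an unsigned library that carries the real library's name.
    ImageLoad(r"C:\ProgramData\Update\vlc.exe",
              r"C:\ProgramData\Update\libvlc.dll", False, ""),
    # Unrelated process and DLL: out of scope, ignored.
    ImageLoad(r"C:\Windows\System32\notepad.exe",
              r"C:\Windows\System32\kernel32.dll", True, "Microsoft Windows"),
]


if __name__ == "__main__":
    for ev, reasons in hunt(SAMPLE_EVENTS):
        print(ev.process_image)
        for reason in reasons:
            print("  -", reason)
```

The rule deliberately keys on two independent signals (where vlc.exe runs from, and whether the library it loads is the publisher's own) so that an attacker who fixes one, for example by dropping the bundle under Program Files, still trips the other. Feed it your real Event ID 7 stream by mapping the four Sysmon fields onto `ImageLoad`.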

Once the attackers gain access to a victim's machine, they deploy a number of different tools, including the custom loader and the Sodamaster backdoor, a fileless malware capable of multiple tasks: checking the registry for keys that indicate a sandbox, delaying its own execution to outlast sandbox analysis, enumerating the target system's username, hostname and operating system, searching for running processes, and downloading and executing additional payloads. The tool can also obfuscate and encrypt the traffic it sends back to its command-and-control (C&C) servers, the report said.

Cicada's campaign began in mid-2021 and was most recently observed in February 2022. The researchers assess that the attackers gained initial access to victims' networks by exploiting a vulnerability in Microsoft Exchange Server.

Researchers believe that Cicada is using the VLC media player to deliver its malware in order to spy on its victims. "The victims targeted, the various equipment installed in this operation, and what we know about Cicada's past activity all indicate that the most likely target of this operation is espionage," the researchers wrote in a post.

