Beware! Chinese Hackers are Using VLC Media Player to Spy on You

VLC is a fairly popular media player. The fact that it takes minimal space on PCs, loads faster and works with almost every video format makes it a fan favourite. Now, a new report suggests that scammers are using its popularity to launch malware attacks on users.
According to a report by Symantec’s cybersecurity researchers, a state-sponsored Chinese group called Cicada or APT10 is using VLC Media Player on Windows PCs to launch malware for spying on government, legal, religious, telecom, pharmaceutical and non-governmental organisations (NGOs) in countries across the globe, including in Europe, Asia, and North America. The victims of Cicada’s cyber attacks are spread across the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Italy and Japan.

As per the report, the attackers use the legitimate VLC Media Player by launching a custom loader via the VLC Exports function. Simply said, they sneak malware on legitimate software. They then use the WinVNC tool for remotely controlling victims’ machines.

Once the attackers have gained access to victims’ machines, they deploy various different tools, including a custom loader and the Sodamaster backdoor, which is a fileless malware that is capable of multiple functions, such as evading detection in a sandbox by checking for a registry key or delaying execution, enumerating the username, hostname, and operating system of targeted systems, searching for running processes, and downloading and executing additional payloads. The report says that the tool is also capable of obfuscating and encrypting traffic that it sends back to its command-and-control (C&C) server.

Cicada’s attack began in mid-2021 they were recently observed in February 2022 wherein the hackers used an upatched vulnerability in Microsoft Exchange Servers to gain access to victim networks.

The researchers believe that Cicada is delivering malware using VLC media player for spying on its victims. “The victims targeted, the various tools deployed in this campaign, and what we know of Cicada’s past activity all indicate that the most likely goal of this campaign is espionage,” researchers wrote in a post.

Source: BGR