Chinese Hackers Exploit VLC Media Player to Launch Malware Attacks

Chinese hackers are exploiting VLC Media Player to launch malware attacks. The popular media player is free, open-source software compatible with almost every platform. It is user-friendly and lightweight, which means it can be installed easily without hindering the performance of your Windows computer. It’s a great application until hackers use it to hide malicious code and spread their malware.

According to Symantec, Cicada (aka Stone Panda or APT10), a Chinese hacking group, is exploiting VLC on Windows systems to launch malware to spy on governments and related organizations. The group is known to target the legal and nonprofit sectors, and organizations with religious connections. The operations of this hacking group are spread across the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.

Researchers at Symantec said the hackers take a clean version of VLC and plant a malicious file alongside the media player’s export functions. The hackers try to sneak the malware onto the victim’s system by hiding it with legitimate software.

The hackers then use the VNC remote-access server to gain access to the compromised system. Later, they use tools such as Sodamaster, which scans the targeted systems, downloads more malicious packages, and obscures communications between compromised systems and the hackers’ command-and-control servers.

Symantec explained that the VLC attacks have been ongoing since 2021. The hackers exploited a known Microsoft Exchange server vulnerability. The researchers said that while the mysterious malware lacks a fun, dramatic name like Xenomorph or Escobar, they are sure it is used for espionage.

The Cicada hacking group has been targeting the healthcare industry, defense, aviation, shipping, biotechnology, and energy sectors.

The Cicada hacking group continues to be a serious threat to the world, as it is well funded and capable of using sophisticated tools and techniques. Users are advised to update all security software, use a strong password, and back up their data.
