They modify VLC to attack
This discovery has been made since Symantec. They have alerted that a group of hackers are distributing a modified version of VLC and exploiting it to carry out cyber attacks. They also indicate that it is a cyberespionage campaign aimed at organizations around the world.
Affects very varied sectors, although they are mainly targeting NGOs, government institutions and telecommunications sectors. Attackers target victims through Microsoft Exchange servers that are not up to date. In this way they manage to sneak in a modified version of VLC and use it to activate a custom malware loader.
Furthermore, as security researchers indicate, attackers also exploit the VLC Media Player legitimate by launching a custom loader via VLC’s export function and using the WinVNC tool for remote control of victim machines.
However, the report that talks about these attacks indicates that it is not a VLC problem. It is not a vulnerability that affects the program. The attacker needs the victim’s device is not up to date and have a security flaw that they can exploit. In this way they manage to add a malicious DLL file to the clean version of VLC and thus manage to launch a custom malware loader.
Therefore, in order for these attacks to be executed, a system with some kind of vulnerability and a maliciously modified version of VLC is needed. This is what allows attackers to take control.
What to do to be protected
The first thing is always keep your devices up to date. We have seen that attackers can exploit outdated systems, with some vulnerability. Therefore, you should always have the latest available versions of Windows or any operating system you use installed, as well as the different applications you have installed. This will allow to avoid very varied cyber attacks.
On the other hand, it is equally essential that you download VLC from official sources and safe. This way you will avoid installing a program that has been maliciously modified. It is something essential whenever you install any type of software and thus reduce the risk of attacks.
Also, you should always have a good antivirus in the system. This will help you analyze possible malicious files and detect malware as soon as possible to remove it. You can use many options that are available both free and paid, but we always recommend that you make sure that it works correctly and is reliable. You can see how the security of open source programs is.
In short, as you have seen, they are using a modified version of VLC to attack. It is necessary that you update the system correctly and always download the applications from safe and official sites.