Tech

Chinese Hackers Exploit VLC Video Player to Launch Dangerous Malware

Deepak GuptaApril 6, 2022
0

Computer security researchers have uncovered the existence of a long-running malicious campaign by hackers associated with the Chinese government. They obviously exploit VLC Media Player to spread dangerous malware on the PC of their victims.

vlc exploit hack
Credits: Pixabay

During these long years of career, the multimedia player VLC Media Player has been hijacked in spite of itself on numerous occasions by pirates. In 2017, for example, hackers tricked VLC users into creating malicious subtitles. In 2019, a critical security flaw allowed an attacker to execute arbitrary code remotely.

However, computer security researchers at Symantec have discovered the existence of a long-running malicious campaign by hackers with links to the Chinese government. This is the Cicada group, which has been operating for almost 15 years. The start of this operation was spotted in mid-2021 and was still active in February 2022. Symantec experts believe it is still ongoing currently.

Obviously, this campaign was launched at espionage purposes various entities involved in governmental, legal and religious actions as well as NGOs. According to the researchers, access to the targeted networks was made through a Microsoft Exchange server thanks to a known but unpatched vulnerability on the machines in question.

Also read: VLC 4.0 – VideoLAN is preparing a complete interface overhaul for 2021

Hackers use VLC to spread malware

After gaining access to the targeted PCs, the attacker deployed a modified version of VLC with a malicious DLL file. This technique, known as DLL sideloadinghas been used for many years by hackers to load malware into legitimate processes to conceal malicious activity.

To put it simply, some commands are common to many applications. However, to facilitate the development of apps, these commands are stored in libraries. When an app needs a particular command, it picks it up from the corresponding bookstore.

Using this technique, pirates are in fact content to replace the good bookstore with a fake one, which nevertheless responds to the same name and the same commands. But here, the function associated with a command is modified so as to launch a completely different command. In this specific case, spreading malware via the VLC media player. Specifically it would be the Sodamaster malware, which allows to collect system details, search for running processes and download/execute various payloads remotely.

Source: Bleeding Computer

We have other articles that may interest you:
  1. Forget Twitch and create your own FM radio with a Raspberry Pi
  2. Windows 11: Security option reduces in-game performance by up to -30%
  3. Microsoft is reportedly abandoning HoloLens 3, its next mixed reality headset
  4. A quality VPN for less than €2, CyberGhost’s irresistible offer
  5. AMD confirms bug causing its GPU driver to overclock CPU without permission
  6. OnePlus: OxygenOS 12 restricts the refresh rate on some very popular applications
Deepak GuptaApril 6, 2022
0

Related Articles

Pixel 6: a new bug automatically rejects calls

April 18, 2022

Cyberpunk 2077 and the path of redemption

September 19, 2022

Now you can also make direct on Pinterest

May 5, 2022

The Ryzen 7 5800X3D already overclocked to over 5.0 GHz by MSI a few days before launch

April 18, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *