Chinese hackers use VLC to launch malware on Windows: report

Hacking group Cicada reportedly leverages VLC to load malware onto devices for espionage


Chinese hacking group ‘Cicada’ is reportedly using popular media player VLC to launch malware on Windows machines.

As reported by cybersecurity researchers at Symantec (via Android Police), the hacking group targeted governments and related organizations, legal and non-profit businesses, and organizations with religious connections. The group hit targets in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.

Symantec explained that Cicada, which also goes by Stone Panda or APT10, exploits legitimate versions of VLC by launching a “custom loader” via the software’s ‘Exports’ function. Then, it uses the ‘WinVNC’ tool to gain remote control of the victim’s machine.

Once Cicada has remote control, it can deploy a hacking tool called ‘Sodamaster’ to evade detection and scan systems, download more malicious packages, and conceal communications between compromised systems and the hackers’ command-and-control servers.

Symantec believes the VLC attacks may be ongoing, and that they began in 2021 after hackers exploited a known vulnerability in Microsoft Exchange.

The best thing for users to do to protect themselves is to keep software up-to-date, use strong passwords, and back up important data.

Source: Symantec Via: Android Police
