Chinese hacking group ‘Cicada’ is reportedly using popular media player VLC to launch malware on Windows machines.
As reported by cybersecurity researchers at Symantec (via Android Police), the hacking group targeted governments and related organizations, legal and non-profit businesses, and organizations with religious connections. The group hit targets in the U.S., Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.
Symantec explained that Cicada — which also goes by Stone Panda or APT10 — exploits legitimate versions of VLC by launching a “custom loader” via the software’s ‘Exports’ function. Then, it uses the ‘WinVNC’ tool to gain remote control of the victim’s machine.
Once Cicada has remote control, it can deploy a hacking tool called ‘Sodamaster’ to evade detection and scan systems, download more malicious packages, and conceal communications between compromised systems and the hackers’ command-and-control servers.
Symantec believes the VLC attacks may be ongoing, and that they began in 2021 after hackers exploited a known vulnerability in Microsoft Exchange.
The best thing for users to do to protect themselves is to keep software up to date, use strong passwords, and back up important data.