VLC is a very popular media player. It takes up minimal PC space, loads fast and works with almost every video format, all of which make it a favorite among users. Now, a new report suggests that scammers are exploiting its popularity to launch malware attacks on users.
These sectors are the target of hackers
According to a report by cybersecurity researchers at Symantec, a Chinese state-sponsored group named Cicada, or APT10, is using VLC Media Player on Windows PCs to launch malware against government, legal, religious, telecommunications, pharmaceutical and non-governmental organizations (NGOs) in countries around the world, including in Europe, Asia and North America. Victims of Cicada's cyberattacks are spread across the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Italy and Japan.
According to the report, the attackers abuse the legitimate VLC media player by launching a custom loader through the VLC Exports function. Simply put, they piggyback malware on legitimate software. They then use the WinVNC tool to remotely control the victims’ machines.
What hackers do after gaining control
Once attackers gain access to the victims’ machines, they deploy a number of different tools, including a custom loader and the Sodamaster backdoor, a fileless malware capable of many tasks, such as evading sandbox detection by probing for a registry key or delaying execution, enumerating the target system’s username, hostname, and operating system, discovering running processes, and downloading and executing additional payloads. The tool is also capable of intercepting and encrypting the traffic that is sent back to its command-and-control (C&C) servers, the report said.
The attack started in mid-2021
The Cicada campaign began in mid-2021 and was most recently observed in February 2022. In it, the hackers used an advanced vulnerability in Microsoft Exchange Server to gain access to the victim’s network.
Researchers believe that Cicada is delivering malware using the VLC media player to spy on its victims. “The victims targeted, the various tools deployed in this operation, and what we know about Cicada’s past activity all indicate that the most likely target of this operation is espionage,” the researchers wrote in a post.