Chinese Hackers Use VLC Media Player to Launch Malware Attacks

The hacks, probably state-sponsored, began in 2021

VLC is a super popular media player for a good reason: it’s free, open source, and available on just about every platform imaginable. Plus, it can handle virtually any audio or video file you throw at it. VLC is also light on resources, which means it won’t slow down your Windows computer – unless, perhaps, it’s hiding malware. A new report says it’s entirely possible, thanks to the efforts of a notorious Chinese hacking gang.

Cybersecurity experts from Symantec claim that a Chinese hacking group called Cicada (aka Stone Panda or APT10) exploits VLC on Windows systems to drop malware used to spy on governments and related organizations. Additionally, Cicada has targeted the legal and nonprofit sectors, as well as organizations with religious ties. The hackers cast a wide net, with targets in the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro and Italy.


According to Symantec, Cicada obtains a clean version of VLC and drops a malicious file next to the media player’s export functions. It’s a technique that hackers frequently rely on to slip malware into what would otherwise be legitimate software. Cicada then uses a VNC remote access server to take full control of the compromised system. The group can then evade detection using hacking tools such as Sodamaster, which scans targeted systems, downloads more malicious packages, and masks communications between compromised systems and the hackers’ command-and-control servers.

The VLC attacks – which Symantec says may still be underway – began in 2021 after hackers exploited a known vulnerability in Microsoft Exchange Server. The researchers say that while the mysterious malware doesn’t have a fun and dramatic name like Xenomorph or Escobar, they’re certain it’s being used for espionage purposes – Cicada’s focus suggests that this guess is correct. While the group has targeted the healthcare industry in the past, it has also targeted the defense, aviation, shipping, biotechnology and energy sectors.

With plenty of funding and sophisticated tools and techniques, groups like Cicada continue to pose a serious threat to computer systems around the world. There are a number of steps that can be taken to help protect against state-sponsored hacking, including updating security software, using strong passwords, and backing up important data. After all, no one wants to make hackers’ jobs easier.
