VLC is one of the most popular media players in the world because it is simple, open source and available on all platforms. That may be why a well-known Chinese hacker group is using the application to spread data-stealing malware.
Cybersecurity firm Symantec said that a Chinese hacker group called Cicada (also known as Stone Panda or APT10) leveraged VLC on the Windows operating system to launch malware capable of stealing user data, as well as spying on governments and organizations.
In addition, Cicada targets the legal and nonprofit sectors, as well as organizations with religious affiliations. To date, the hackers have hit a wide range of targets, in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro and Italy.
According to Symantec, Cicada slipped malware into VLC. This is a technique hackers often rely on to hide malware inside software that is otherwise clean.
Cicada then uses a VNC remote access server to take full control of the compromised system. The group can evade detection using hacking tools like Sodamaster, which scans targeted systems, downloads more malicious packages, and obscures communication between compromised systems.
According to Symantec, the VLC attack may have been going on since 2021, after the group managed to infiltrate the Microsoft Exchange server. Researchers believe this malware was used for espionage.
Where Cicada previously targeted the health care industry, it is now also attacking the defense, aviation, shipping, biotechnology, and energy sectors. With ample funding and sophisticated tools and techniques, groups like Cicada pose a serious threat to computer systems around the world.
There are a number of steps you can take to help protect against hacking, including keeping security software up to date, using strong passwords, and backing up important data.