VLC media player is reportedly under Chinese malware threat

Symantec’s cybersecurity experts say a Chinese hacking group called Cicada is using VLC on Windows systems to launch malware used to spy on governments and related organizations. 

Additionally, Cicada has targeted legal and non-profit sectors, as well as organizations with religious connections. The hackers have cast a wide net, with targets in the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.

According to Symantec, Cicada uses a clean version of VLC to implant a malicious file alongside the media player’s export functions. It’s a technique that hackers frequently rely on to sneak malware into what would otherwise be legitimate software. 

Cicada then uses a VNC remote-access server to fully own the compromised system. They can then evade detection using hacking tools like Sodamaster, which scans targeted systems, downloads more malicious packages, and obscures communications between compromised systems and the hackers’ command-and-control servers.

The VLC attacks probably began in 2021 after hackers exploited a known Microsoft Exchange server vulnerability. Researchers indicate that while the mysterious malware lacks a fun, dramatic name like Xenomorph or Escobar, they are certain it’s being used for espionage.