I bet you might have used VLC Media Player at least once in your lifetime. Turns out the popular media player is now being used as a carrier to carry malicious codes. Security researchers have unearthed this horrific malicious campaign which is likely associated with the Chinese government.
VLC Media Player is being used to deploy a custom malware loader
According to the reports, the malicious campaign is being used by hackers linked to the Chinese government targeting legal, government, religious activities as well as non-governmental organizations. The report adds that the attacks are orchestrated by the hacker group Cicada (also known as APT10 and Stone Panda).
The hacking attacks are majorly focused across at least three continents with major countries like India, Turkey, US, Canada, Hong Kong, Israel, Italy, and Montenegro. Researchers have added that Cicada is looking forward to expanding its horizons given the fact that it has majorly targeted Japan.
The Cicada-backed malicious campaign
According to the reports, Cicada has been using VLC Media Player as a front to carry out its malicious campaign that started back in mid-2021. It is likely still active. The hackers were able to breach into the Microsoft Exchange server after exploiting a vulnerability on the unpatched systems.
The modus operandi of the campaign states that after getting access to a machine, a custom loader is deployed using the VLC media player. Here, the hackers already laced VLC with a custom-made malicious DLL file embedded in its export functions that would carry out malware to the victim systems.
Hackers are also using Sodamaster backdoor on affected systems which have been an exclusive tool used by the Cicada group.
It seems like Cicada has expanded its areas of interest as it would usually target healthcare, aerospace, finance, biotechnology, energy, government sectors, and maritime-linked Japanese companies, however, it has now expanded to cover at least three continents as mentioned above.