VLC is a super-popular media player for good reason: It's free, open source, and available on just about every platform imaginable. Plus, it can handle basically any audio or video file you throw at it. VLC is also light on resources, meaning it won't slow down your Windows computer — unless, perhaps, it's hiding malicious software. A new report indicates that's entirely possible, due to the efforts of a notorious Chinese hacking gang.
Symantec's cybersecurity experts say a Chinese hacking group called Cicada (aka Stone Panda or APT10) is leveraging VLC on Windows systems to launch malware used to spy on governments and related organizations. Additionally, Cicada has targeted legal and non-profit sectors, as well as organizations with religious connections. The hackers have cast a wide net, with targets in the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.
According to Symantec, Cicada grabs a clean version of VLC and drops a malicious file alongside the media player's export functions. It's a technique that hackers frequently rely on to sneak malware into what would otherwise be legitimate software. Cicada then uses a VNC remote-access server to fully own the compromised system. They can then evade detection using hacking tools like Sodamaster, which scans targeted systems, downloads more malicious packages, and obscures communications between compromised systems and the hackers' command-and-control servers.
The VLC attacks — which Symantec believes may be ongoing — began in 2021 after hackers exploited a known Microsoft Exchange server vulnerability. Researchers indicate that while the mysterious malware lacks a fun, dramatic name like Xenomorph or Escobar, they are certain it's being used for espionage — Cicada's focus hints that this guess is correct. While the group has gone after the healthcare industry in the past, it's also been attacking the defense, aviation, shipping, biotechnology, and energy sectors.
With plenty of funding and sophisticated tools and techniques, groups like Cicada continue to pose a serious threat to computer systems around the world. There are a number of steps that can be taken to help protect against state-sponsored hacking, including maintaining up-to-date security software, using strong passwords, and backing up important data. After all, no one wants to make the hackers' jobs any easier for them.