VLC media player is used by Cicada to deploy malware


You have probably used VLC Media Player at least once in your life. It turns out that the popular media player is now being used as a carrier for malicious code. Security researchers have uncovered this malicious campaign, which is likely associated with the Chinese government.

VLC Media Player is used to implement a custom malware loader


According to the reports, the campaign is run by hackers associated with the Chinese government and targets legal, government, religious and non-governmental organizations. The report adds that the attacks are being orchestrated by the hacker group Cicada (aka APT10 and Stone Panda).

The attacks span at least three continents, with targets in countries such as India, Turkey, the US, Canada, Hong Kong, Israel, Italy and Montenegro. Researchers added that Cicada appears to be broadening its horizons, given that it has previously focused primarily on Japan.

The Cicada Supported Evil Campaign

According to the reports, Cicada is using VLC Media Player as cover for a malicious campaign that started in mid-2021 and is probably still active. The hackers gained access through Microsoft Exchange Server by exploiting a vulnerability on unpatched systems.

The campaign's modus operandi is that, after gaining access to a machine, the attackers deploy a custom loader using the VLC media player. The hackers supply VLC with a custom malicious DLL that is invoked through the player's export functions and executes malware on the victim's system. Because the process that runs is the legitimate VLC executable, the activity can blend in with normal software use.
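A defender can look for this loading pattern in image-load telemetry. The following is an added example, not code from the original report: it triages Sysmon-style Event ID 7 (image load) records for `vlc.exe`, and the trusted install paths, the expected signer name and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumptions: default VLC install directories and the signer name reported
# for genuine VLC binaries. Adjust both to match your environment.
TRUSTED_VLC_DIRS = (r"C:\Program Files\VideoLAN\VLC",
                    r"C:\Program Files (x86)\VideoLAN\VLC")
TRUSTED_SIGNER = "VideoLAN"

def _norm(path):
    return ntpath.normpath(path).lower()

def _under(path, root):
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root + "\\")

def triage(event):
    """Return the reasons a vlc.exe image-load event looks like side-loading."""
    image, loaded = event["Image"], event["ImageLoaded"]
    if ntpath.basename(_norm(image)) != "vlc.exe":
        return []
    reasons = []
    if not any(_under(image, d) for d in TRUSTED_VLC_DIRS):
        reasons.append("vlc.exe outside trusted install directory")
    signed_ok = (event.get("Signed") == "true"
                 and event.get("SignatureStatus") == "Valid"
                 and event.get("Signature") == TRUSTED_SIGNER)
    # DLLs shipped beside vlc.exe should carry the vendor signature.
    if _under(loaded, ntpath.dirname(image)) and not signed_ok:
        reasons.append("DLL beside vlc.exe not validly signed by " + TRUSTED_SIGNER)
    return reasons

def scan(events):
    """Return (ImageLoaded, reasons) for every event that raised a flag."""
    return [(e["ImageLoaded"], r) for e in events if (r := triage(e))]

# Constructed sample events (not taken from any real incident).
VLC = r"C:\Program Files\VideoLAN\VLC"
GOOD = {"Signed": "true", "SignatureStatus": "Valid", "Signature": "VideoLAN"}
BAD = {"Signed": "false", "SignatureStatus": "Unavailable", "Signature": ""}
MS = {"Signed": "true", "SignatureStatus": "Valid", "Signature": "Microsoft Windows"}
SAMPLE_EVENTS = [
    {"Image": VLC + r"\vlc.exe", "ImageLoaded": VLC + r"\libvlc.dll", **GOOD},
    {"Image": VLC + r"\vlc.exe", "ImageLoaded": r"C:\Windows\System32\kernel32.dll", **MS},
    {"Image": VLC + r"\vlc.exe", "ImageLoaded": VLC + r"\plugins\demo.dll", **BAD},
    {"Image": r"C:\Users\Public\vlc\vlc.exe", "ImageLoaded": r"C:\Users\Public\vlc\libvlc.dll", **BAD},
    {"Image": r"C:\Windows\notepad.exe", "ImageLoaded": r"C:\Temp\x.dll", **BAD},
]

if __name__ == "__main__":
    for dll, reasons in scan(SAMPLE_EVENTS):
        print(dll, "->", "; ".join(reasons))
```

Signature fields are only populated when Sysmon image-load logging is enabled, so this check depends on that configuration being in place.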

The hackers are also using the Sodamaster backdoor on affected systems, a tool used exclusively by the Cicada group.

Cicada appears to have expanded its areas of interest. It would usually focus on Japanese companies in the healthcare, aerospace, finance, biotechnology, energy, government and maritime sectors, but it has now expanded to at least three continents, as mentioned above.
