Chinese hackers use VLC player to carry out their attacks

Chinese hackers use VLC player to carry out their attacks

Reported by Symantec and Bleeping Computer reportsA massive attack Organized by a group of Chinese hackers, it is said to have been launched in mid-2021 before continuing until February this year.

This group is affiliated with the Chinese government, known as Chicada, and is also known as Menupas, ABD10 or Red Apollo. It will be more than fifteen years.

Massive attack for spying

This hacking campaign is said to target many targets involved in legal, governmental or religious activities, although NGOs have also been targeted.

Victims have been registered on three different continents and are on the list of countries including the United States, Hong Kong, India, Italy, Canada and Japan. In the past, the group had already carried out a post-attack and had been in control of the victim’s machine for almost nine months.

The VLC was behind the attack

Although the software itself is secure, the executable file uses a side-loaded DLL compromised by a hacker group. This well-known attack involves replacing the file required for the operation of the software.

When starting a file, the program will use the corrupted element instead of the original. Group “exploitation” is the replacement of one (very specific) version of these files by a code that is stolen from the system’s memory without the use of a single file. This allows you to avoid detection and delay its initialization.

The team has already used this technique to deploy the WinVNC server and remotely control the computers when accessing existing files using the Microsoft Exchange server.

Do not panic

Although this attack targeted the popular reader, the application was found to be clean. In the end, the average user does not have to rush to their software library to uninstall a program.

This method was in favor of the pirates Very specific goals. However, be aware of the security of your devices connected to the network.

Leave a Reply

Your email address will not be published. Required fields are marked *