VLC is one of the most popular media players on both desktop and mobile platforms. However, it seems that this software is poisoned by Chinese hacking gangs and now acts as a malware spreader. As per the Android Police report (via Symantec), a Chinese hacking group called Cicada (aka Stone Panda or APT10) uses VLC on Windows systems to target governments and organizations with malware attacks. Also, most of the victims are located in the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy. Legal organizations, non-profit sectors, and organizations with religious connections are some common targets for the Cicada group. The Cicada group also uses a common and traditional method for targeting its victims. They poison a clean version of VLC with a malicious file and then spread it among the victim groups. Also, they leverage a VNC remote-access server to control the victim’s systems fully. This method is used by most hacking groups globally. Moreover, by using hacking tools like Sodamaster, they can avoid detection.
Cicada has a long history of attacking various sectors
This is not the first attack that the Cicada group carried out. Previously, some of their attacks on defense, aviation, shipping, biotechnology, and energy sectors were also detected. The healthcare industry has also been a common target for Cicada. Symantec says the attacks started in 2021 after Cicada hackers could exploit a known Microsoft Exchange server vulnerability. Also, Symantec experts believe the attacks were carried out for espionage purposes. Chinese hacking groups have always posed threats to other countries’ security and sensitive infrastructure. Some Western experts believe that these groups are led directly by the Chinese government and that the information obtained by them is provided to the Chinese security agencies. Some well-known Chinese companies have also been sanctioned for collaborating with the Chinese government to spy. Huawei is one of the most prominent ones, being blacklisted by the US government and facing the toughest sanctions. Also, do not forget that some sources have previously reported on Huawei’s efforts to install a backdoor in a project in Pakistan.