Beloved VLC Media Player Exploited By Chinese Hackers In Long Running Malware Campaign

There is a strong possibility that if you're reading this website, you are familiar with VLC Media Player. The popular application, which bundles important codecs along with the player rather than relying on the OS to provide them, is the video player of choice for millions of people who became tired of fussing with "codec packs" and older versions of Windows' poor video playback support.

Like every application that wasn't specifically designed otherwise, VLC draws extensively on support libraries. On Windows, these come in the form of .DLL files. It's quite trivial to modify or replace one of these .DLL files to alter the functionality of the program; this is the basis for a great many PC game mods such as ReShade, 3DMigoto, SpecialK, and others.

However, this technique can also be exploited by bad actors. DLL side-loading, as it's called, can be used to turn an otherwise-innocuous application into a malware delivery device. That's exactly what state-sponsored Chinese hackers from the "Cicada" group have been doing to poor old VLC Media Player since the middle of last year.
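As an added example that is not part of this article or of VLC's own tooling, the PowerShell audit below shows how a defender can catch a side-loaded DLL: it records a SHA256 manifest of every DLL under a VLC install on a known-clean machine, then on later runs reports any DLL that is new, modified or missing, together with its Authenticode status. The install path and manifest file name are assumptions.

```powershell
# Added example (not from the article): audit the DLLs shipped next to vlc.exe
# for side-loading. Assumes a baseline manifest (JSON of relative path -> SHA256)
# recorded from a known-clean install; both paths below are assumptions.
param(
    [string]$VlcDir = "$env:ProgramFiles\VideoLAN\VLC",
    [string]$BaselinePath = "$PSScriptRoot\vlc-dll-baseline.json"
)

# Map every DLL under the install tree (relative path) to its SHA256 hash.
function Get-DllManifest([string]$Dir) {
    $manifest = @{}
    Get-ChildItem -Path $Dir -Filter *.dll -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($Dir.Length).TrimStart('\')
        $manifest[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    return $manifest
}

if (-not (Test-Path $BaselinePath)) {
    # First run, on a machine you trust: record the baseline and stop.
    Get-DllManifest $VlcDir | ConvertTo-Json | Set-Content $BaselinePath
    Write-Host "Baseline written to $BaselinePath"
    return
}

$baseline = Get-Content $BaselinePath -Raw | ConvertFrom-Json
$current  = Get-DllManifest $VlcDir

foreach ($rel in $current.Keys) {
    $full  = Join-Path $VlcDir $rel
    $sig   = Get-AuthenticodeSignature -FilePath $full   # Valid / NotSigned / HashMismatch ...
    $known = $baseline.PSObject.Properties[$rel]
    if (-not $known) {
        # A DLL that was never part of the clean install is the classic side-load artifact.
        Write-Warning "NEW DLL not in baseline: $rel (signature: $($sig.Status))"
    } elseif ($known.Value -ne $current[$rel]) {
        # Same file name, different bytes: a replaced or patched library.
        Write-Warning "MODIFIED DLL: $rel (signature: $($sig.Status))"
    }
}

# A legitimate DLL removed so that a lookalike elsewhere on the search path wins.
foreach ($p in $baseline.PSObject.Properties) {
    if (-not $current.ContainsKey($p.Name)) { Write-Warning "MISSING DLL: $($p.Name)" }
}
```

Run it once from an elevated prompt on a clean install to create the baseline, then schedule it or run it after any incident; a `NotSigned` or `HashMismatch` status on a new DLL is the strongest signal to investigate.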

VLC did nothing wrong!

Cicada is just one name for this long-lived hacker group in China. It's also been called Stone Panda, APT10, Red Apollo, and other names. There's no question that the group is backed by the Chinese government; its targets in the current attack are mostly other governments and infrastructure, but in the past it has successfully stolen foreign trade secrets, particularly in the technology sector.

This particular attack was documented by security researchers working for Symantec, who say that the attackers had access to some of the victimized networks for as long as nine months. Cicada has traditionally been focused primarily on Japan, but it seems that with this attack the group struck targets in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy.

Don't worry—application download and update servers weren't compromised, so you're not at risk unless you work for a government or NGO targeted by the hackers. Even then, it's not actually VLC that's at fault; BleepingComputer says that when deploying the exploit, the hackers used security holes in other software, like unpatched versions of Microsoft Exchange. It makes for a grim reminder to keep your software updated.