Hackers use VLC Media Player as a malware slingshot

Ironically, Chinese hackers misuse the popular video player software VLC Media Player to spread malware. This is reported by the US IT security news site Bleepingcomputer. The hackers are said to be close to the Chinese government.

The malware campaign is said to have been running for some time and started as early as mid-2021. Apparently it’s for espionage purposes. Targets are said to be various government and judicial agencies as well as religious and non-profit organizations located in America, Asia and Europe. Computers in Germany are obviously not affected.

The attackers apparently exploited an unpatched vulnerability in a Microsoft Exchange server to spread their malware. The attackers camouflaged the malware with the well-known VLC video player. The actual VLC file was fine, but it used a malicious DLL file to inject and disguise the malware at the same time. The attackers also used a WinVNC server to remotely control the infected computers.

The attackers also used the Sodamaster backdoor on the compromised networks. This malware can disguise itself cleverly. Taken together, the widespread malicious programs collect data on the infected computers and enable them to be controlled remotely by a command-and-control server.