Chinese hackers abuse VLC Media Player to launch malware loader
2022-04-05 17:58

Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader.

Researchers at Symantec, a division of Broadcom, found that after gaining access to the target machine, the attacker deployed a custom loader on compromised systems with the help of the popular VLC media player.

Brigid O Gorman of Symantec Threat Hunter Team told BleepingComputer that the attacker uses a clean version of VLC with a malicious DLL file in the same path as the media player's export functions.

The technique is known as DLL side-loading and it is widely used by threat actors to load malware into legitimate processes to hide the malicious activity.

The malware can also collect details about the system, search for running processes, and download and execute various payloads from the command and control server.

At least two members of the APT10 threat group have been charged in the U.S. for computer hacking activity to help the Chinese Ministry of State Security's Tianjin State Security Bureau get intellectual property and confidential business information from managed service providers, U.S. government agencies, and over 45 technology companies.


News URL

https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/