Watch out! Hackers are using this well-known program to hack your PC

Over time, the amount of personal data that we store and use on our computers is increasing. Hence, we must take care of the security provided by the programs we install so that there are no leaks or security flaws, as has happened now with VLC.

Surely many of you already know that here we refer to one of the most loved and used multimedia players in the world. This is a product that has gained the trust of most over the years and we find it on most desktops and mobile devices. However, from what we know now, security researchers have discovered a malicious campaign that directly affects this software.

Hackers are using this well-known program to hack your PC

Specifically, we mean that a group of hackers associated with the Chinese government is using VLC to launch a custom malware loader. Everything indicates that this is for espionage purposes: the campaign initially targeted various entities related to government, legal, and religious activities. Traces of attacks via the app have also been seen on non-governmental organizations on at least three continents.

It is worth mentioning that the malicious activity has been attributed to a well-known group calling itself Cicada. We are talking about an attacker that has used other names in the past and has been active since 2006. It is also interesting to note that the first movements of this campaign were detected in the middle of 2021, and the group has remained active to the present.

VLC, victim of espionage malware

To give an idea of all this, there is evidence that initial access to some of the compromised networks was gained through a Microsoft Exchange server. Later, experts from the security company Symantec discovered that, after gaining this access, the attacker deployed a custom loader on other compromised systems with the help of the aforementioned VLC.


As has now been discovered, the attacker uses a clean version of the popular media player. Alongside it, in the same directory as the player’s executable, sits a malicious DLL whose export functions carry the malicious code; when the player starts, it resolves the library from its own directory and loads the attacker’s DLL. This technique is known as DLL sideloading and is widely used to load malware into legitimate processes and hide malicious activity. In addition to the custom loader we mentioned, a WinVNC server is also deployed, with which the attacker can obtain remote control of the affected victims’ systems.
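One way a defender can hunt for the pattern described above is to look at image-load telemetry for DLLs loaded from the executable’s own directory that either share a name with a library normally supplied from a Windows system directory or carry no valid signature. The following is an added example, not code from the article or from Symantec; the event records are constructed and loosely modelled on Sysmon Event ID 7 fields (Image, ImageLoaded, SignatureStatus), and the list of system DLL names is an illustrative assumption rather than a complete baseline.

```python
"""Flag image-load events that look like DLL sideloading.

A candidate is a DLL loaded from the same directory as the process image
(not from a Windows system directory) that either collides with a DLL name
normally served from a system directory or lacks a valid signature.
"""
from pathlib import PureWindowsPath

# Assumed system directories from which the OS normally supplies these DLLs.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed, illustrative set of DLL names that legitimate applications
# normally receive from a system directory; a real deployment would derive
# this from a known-good baseline of the fleet.
SYSTEM_DLL_NAMES = {
    "version.dll", "dwmapi.dll", "uxtheme.dll", "winmm.dll", "cryptbase.dll",
}


def sideload_reasons(event: dict) -> list:
    """Return the reasons an image-load event looks like sideloading (empty if none)."""
    image = PureWindowsPath(event["Image"])
    loaded = PureWindowsPath(event["ImageLoaded"])
    if loaded.suffix.lower() != ".dll":
        return []
    loaded_dir = str(loaded.parent).lower()
    same_dir = loaded_dir == str(image.parent).lower()
    if not same_dir or loaded_dir in SYSTEM_DIRS:
        return []
    reasons = []
    if loaded.name.lower() in SYSTEM_DLL_NAMES:
        reasons.append("system-dll-name-collision")
    if event.get("SignatureStatus", "").lower() != "valid":
        reasons.append("no-valid-signature")
    return reasons


def hunt(events: list) -> list:
    """Return (event, reasons) pairs for every event that has at least one reason."""
    hits = []
    for event in events:
        reasons = sideload_reasons(event)
        if reasons:
            hits.append((event, reasons))
    return hits


# Constructed sample events; paths and hostnames are made up for the example.
SAMPLE_EVENTS = [
    {   # Normal: version.dll resolved from System32, not the app directory.
        "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
        "ImageLoaded": r"C:\Windows\System32\version.dll",
        "SignatureStatus": "Valid",
    },
    {   # Suspicious: a system DLL name sitting beside a copy of the player
        # in a user-writable directory, with no valid signature.
        "Image": r"C:\Users\alice\AppData\Local\Temp\vlc\vlc.exe",
        "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\vlc\version.dll",
        "SignatureStatus": "Unavailable",
    },
    {   # Normal: the player's own signed library from its install directory.
        "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
        "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll",
        "SignatureStatus": "Valid",
    },
    {   # Not a DLL load at all; ignored by the rule.
        "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
        "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
        "SignatureStatus": "Valid",
    },
]


if __name__ == "__main__":
    for event, reasons in hunt(SAMPLE_EVENTS):
        print(event["Image"], "loaded", event["ImageLoaded"], "->", ", ".join(reasons))
```

The name-collision rule is the stronger signal for the case the article describes; the signature rule is noisier in practice, because some legitimate vendors ship unsigned libraries, so it is worth baselining per application before alerting on it alone.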

In turn, this same attacker uses a tool believed to be proprietary, Sodamaster, which has been in use since at least 2020. It runs in system memory and is equipped to evade detection by the security software installed on the machine. The entire malicious toolset is also prepared to collect a large amount of information from the affected computer, such as details of the operating system and the running processes, in addition to downloading and executing various dangerous payloads from the control server.