A long-running malicious campaign by threat actors linked to the Chinese government has recently been discovered by security researchers. A Chinese state-backed advanced persistent threat (APT) group is attacking organizations around the globe in a likely espionage campaign that has been ongoing for several months. Its purpose is the launching of a custom malware loader by means of the VLC Media Player.

Victims in this Cicada (aka APT10) campaign include government, legal, religious, and non-governmental organizations (NGOs) in multiple countries around the world, including in Europe, Asia, and North America. (…) The wide number of sectors and geographies of the organizations targeted in this campaign is interesting. Cicada's initial activity several years ago was heavily focused on Japanese-linked companies, though in more recent times it has been linked to attacks on managed service providers (MSPs) with a more global footprint. However, this campaign does appear to indicate a further widening of Cicada's targeting. The attribution of this activity to Cicada is based on the presence on victim networks of a custom loader and custom malware that are believed to be exclusively used by the APT group.

Source: Symantec

Cicada Malicious Campaign: More Details

The current malicious campaign led by Cicada began in the middle of 2021 and was still going strong in February 2022. According to the researchers, similar activity may well be continuing now. Specific evidence shows that the actor gained access to some of the penetrated networks via a Microsoft Exchange server, implying that the threat actors took advantage of a known vulnerability on unpatched devices.

The Symantec researchers who published the report discovered that, after getting access to a target machine, the attackers used the popular VLC media player to install a custom loader on compromised devices. According to Brigid O Gorman of the Symantec Threat Hunter Team, the threat actor uses a clean version of VLC together with a malicious DLL placed in the same directory as the media player's export functions, so the legitimate player picks up the attacker's library when it loads.

What is DLL side-loading? DLL side-loading is a technique used by threat actors to load malware into normal processes in order to mask malicious activity. The executable is a genuine, signed binary; only the DLL sitting next to it is malicious. That is the practical point for defenders: allow-listing VLC by hash or publisher signature does not stop this, because the player itself is unmodified. What gives the technique away is the DLL that the process loads from its own directory (unsigned, or signed by someone other than the player's vendor) and, often, a copy of the player running from a location where it was never installed.

Apart from the proprietary loader, the attackers also used a WinVNC server to obtain remote access to victim systems, and they installed the Sodamaster backdoor on infiltrated networks. Sodamaster is a known Cicada tool, believed to have been used exclusively by this group since at least 2020. It is a fileless backdoor that operates entirely in system memory and is capable of multiple functions: evading detection in a sandbox by checking for a registry key or delaying its execution; enumerating the username, hostname, and operating system of the targeted system; searching for running processes; and downloading and executing additional payloads from its command-and-control (C&C) server. It is also capable of obfuscating and encrypting the traffic it sends back to the C&C server.

What Other Utilities Have Been Identified?

Other utilities that have been identified as part of this campaign include the following:

- A RAR archiving program, used to compress, encrypt and archive files, actions believed to be performed to stage data for exfiltration.
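The two behaviours described on this page, a legitimate VLC binary loading an unexpected DLL from its own directory, and a RAR tool being used to build password-protected archives, are both visible in endpoint telemetry. The script below is an added example written for this article; it is not code from Symantec's report or from the campaign. It runs two simple checks over Sysmon-style events (Event ID 7, ImageLoad, and Event ID 1, ProcessCreate). The events, file paths, the malicious DLL name and the RAR command line are all constructed for the example; the only real-world fact assumed is that official VLC builds are signed by VideoLAN.

```python
"""Hunt for two behaviours from the Cicada/APT10 VLC campaign in Sysmon-style logs:
(1) DLL side-loading: vlc.exe loads a DLL from its own directory that does not
    carry a valid VideoLAN signature, and
(2) RAR staging: rar.exe / WinRAR.exe adds files to an archive with a password.

All events below are constructed for this example; field names follow
Sysmon Event ID 7 (ImageLoad) and Event ID 1 (ProcessCreate).
"""
import re
import shlex
import ntpath  # Windows path handling that also works on a non-Windows host

# Constructed sample telemetry (not real data from the campaign).
SAMPLE_EVENTS = [
    # Benign: the installed VLC loads its own signed libvlc.dll.
    {"EventID": 7, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll",
     "Signed": "true", "Signature": "VideoLAN", "SignatureStatus": "Valid"},
    # Suspicious: a copy of VLC in a user-writable folder loads an unsigned
    # DLL of the same name from that folder (hypothetical side-load).
    {"EventID": 7, "Image": r"C:\Users\Public\Music\vlc.exe",
     "ImageLoaded": r"C:\Users\Public\Music\libvlc.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    # Benign: system DLL from System32, not from VLC's directory.
    {"EventID": 7, "Image": r"C:\Users\Public\Music\vlc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    # Suspicious: rar.exe adding files with a header-encrypting password (-hp).
    {"EventID": 1, "Image": r"C:\Tools\rar.exe",
     "CommandLine": r"rar.exe a -hpS3cret! -r C:\Users\Public\stage.rar C:\Finance\*"},
    # Benign: WinRAR extracting an archive, no password, no "add".
    {"EventID": 1, "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "CommandLine": r'"C:\Program Files\WinRAR\WinRAR.exe" x C:\Downloads\update.rar'},
]

VLC_EXE = "vlc.exe"
VLC_SIGNER = "VideoLAN"  # publisher name on official VLC code-signing certificates
RAR_BINARIES = ("rar.exe", "winrar.exe")
# -p<pwd> sets an archive password, -hp<pwd> also encrypts the file headers.
RAR_PASSWORD_FLAG = re.compile(r"(?:^|\s)-(?:hp|p)\S*", re.IGNORECASE)


def is_sideload_candidate(ev):
    """True when vlc.exe loads a DLL from the directory it runs in and that DLL
    is not validly signed by the player's vendor. DLLs from other directories
    (e.g. System32) are ignored: side-loading relies on the DLL sitting next
    to the executable so it wins the loader's search order."""
    if ev.get("EventID") != 7:
        return False
    image, loaded = ev["Image"], ev["ImageLoaded"]
    if ntpath.basename(image).lower() != VLC_EXE:
        return False
    if ntpath.dirname(image).lower() != ntpath.dirname(loaded).lower():
        return False
    vendor_signed = (ev.get("SignatureStatus") == "Valid"
                     and ev.get("Signature") == VLC_SIGNER)
    return not vendor_signed


def is_rar_staging(ev):
    """True when a RAR binary is invoked with the 'a' (add) command and a
    password flag: data being packed and encrypted ahead of exfiltration.
    Plain extraction or unencrypted archiving is left alone to limit noise."""
    if ev.get("EventID") != 1:
        return False
    if ntpath.basename(ev["Image"]).lower() not in RAR_BINARIES:
        return False
    cmd = ev.get("CommandLine", "")
    # posix=False keeps Windows backslashes intact and honours quoted paths.
    tokens = shlex.split(cmd, posix=False)
    adds_files = len(tokens) > 1 and tokens[1].lower() == "a"
    return adds_files and RAR_PASSWORD_FLAG.search(cmd) is not None


def hunt(events):
    """Run both checks; return a list of (label, artifact) findings in log order."""
    findings = []
    for ev in events:
        if is_sideload_candidate(ev):
            findings.append(("dll_sideload", ev["ImageLoaded"]))
        elif is_rar_staging(ev):
            findings.append(("rar_staging", ev["CommandLine"]))
    return findings


if __name__ == "__main__":
    for label, artifact in hunt(SAMPLE_EVENTS):
        print(f"{label}: {artifact}")
```

Two caveats on using this for real. Keying the first check on the file name `vlc.exe` is the weakest part: an attacker can rename the player, so in production the same logic should be driven by the signer of the loading process (any VideoLAN-signed image) rather than its name. And the RAR check deliberately requires both the add command and a password flag; dropping either condition will page on every backup job and software installer on the estate.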