Virus in vlc setup

Want to help the VideoLAN project? Designers, testers, translators, please come...
This is NOT about GETTING some help.
Forum rules
Please read the forum's rules carefully before posting. This forum should not be used to post VLC usage related questions.
Trip
New Cone
New Cone
Posts: 5
Joined: 26 Mar 2022 07:56

Virus in vlc setup

Postby Trip » 07 Apr 2022 14:29

hi all, i don't know if this is the right place to ask this question.
i have read that the installation file has been used by some evil chinese hackers to spread viruses. what can you tell me about?

thank you

Lotesdelere
Cone Master
Cone Master
Posts: 9974
Joined: 08 Sep 2006 04:39
Location: Europe

Re: Virus in vlc setup

Postby Lotesdelere » 07 Apr 2022 14:36

what can you tell me about?

Nothing.
Just always download VLC from the official site:
https://www.videolan.org/vlc/

Trip
New Cone
New Cone
Posts: 5
Joined: 26 Mar 2022 07:56

Re: Virus in vlc setup

Postby Trip » 07 Apr 2022 15:12

hello, I always download vlc from the original site. :-P
From how the article was written, it appeared that the hacked vlc was distributed from the original site itself.

Lotesdelere
Cone Master
Cone Master
Posts: 9974
Joined: 08 Sep 2006 04:39
Location: Europe

Re: Virus in vlc setup

Postby Lotesdelere » 08 Apr 2022 11:56

From how the article was written, it appeared that the hacked vlc was distributed from the original site itself.

Where have you read that ? Give your source.
Because the exploit needs an access to the target computer, nothing is "distributed" with VLC itself:
Researchers at Symantec, a division of Broadcom, found that after gaining access to the target machine the attacker deployed a custom loader on compromised systems with the help of the popular VLC media player.
Brigid O Gorman of Symantec Threat Hunter Team told BleepingComputer that the attacker uses a clean version of VLC with a malicious DLL file in the same path as the media player's export functions.
The technique is known as DLL side-loading and it is widely used by threat actors to load malware into legitimate processes to hide the malicious activity.
...

Several other utilities have been observed in this campaign include:
RAR archiving tool - helps compress, encrypt, or archive files, likely for exfiltration
System/Network discovery - a way for attackers to learn about the systems or services connected to an infected machine
WMIExec - Microsoft command-line tool that can be used to execute commands on remote computers
NBTScan - an open-source tool that has been observed being used by APT groups for reconnaissance in a compromised network

Source:
https://www.bleepingcomputer.com/news/s ... re-loader/


Return to “Contribute and help the VideoLAN project”

Who is online

Users browsing this forum: No registered users and 2 guests