hi all, i don't know if this is the right place to ask this question.
i have read that the installation file has been used by some evil chinese hackers to spread viruses. what can you tell me about?
thank you
what can you tell me about?
From how the article was written, it appeared that the hacked vlc was distributed from the original site itself.
Researchers at Symantec, a division of Broadcom, found that after gaining access to the target machine the attacker deployed a custom loader on compromised systems with the help of the popular VLC media player.
Brigid O Gorman of Symantec Threat Hunter Team told BleepingComputer that the attacker uses a clean version of VLC with a malicious DLL file in the same path as the media player's export functions.
The technique is known as DLL side-loading and it is widely used by threat actors to load malware into legitimate processes to hide the malicious activity.
...
Several other utilities have been observed in this campaign include:
RAR archiving tool - helps compress, encrypt, or archive files, likely for exfiltration
System/Network discovery - a way for attackers to learn about the systems or services connected to an infected machine
WMIExec - Microsoft command-line tool that can be used to execute commands on remote computers
NBTScan - an open-source tool that has been observed being used by APT groups for reconnaissance in a compromised network
Return to “Contribute and help the VideoLAN project”
Users browsing this forum: No registered users and 3 guests