The popular VLC media player has been abused by the threat actor Cicada, aka APT10, to distribute malware and spy on government agencies and adjacent organizations, researchers have warned.
Victims are mostly located in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro, and Italy. Cicada has generally targeted Japan, but the wider set of countries it is now targeting shows that its attack horizon has broadened.
The malware used as part of this latest round of attacks does not have a name, but researchers from Symantec, who were responsible for the discovery, believe it’s being used for espionage.
Apparently, the threat actor, which seems to be of Chinese origin, used a known Microsoft Exchange server vulnerability to gain initial access. The campaign started in mid-2021 and could still be ongoing.
The attackers “side-loaded” the malware, using a clean version of VLC with a malicious DLL file in the same path as the media player’s export functions. Cicada also deployed a WinVNC server for remote control and the Sodamaster backdoor, which collects data on system details and the processes running on the system.
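
As an added example (not taken from the Symantec research or from this article), the sketch below shows how a defender might flag this side-loading pattern in image-load telemetry. The event fields follow Sysmon Event ID 7 (ImageLoad); the install directories, the expected signer name, the file names and every sample event are assumptions constructed for illustration.

```python
from ntpath import basename, dirname, normcase

# Assumptions for this sketch: default install paths and expected publisher.
EXPECTED_DIRS = {normcase(p) for p in (r"C:\Program Files\VideoLAN\VLC",
                                       r"C:\Program Files (x86)\VideoLAN\VLC")}
EXPECTED_SIGNER = "VideoLAN"
SYSTEM_ROOT = normcase("C:\\Windows\\")

def assess(event):
    """Return the reasons an image-load event looks like side-loading via vlc.exe."""
    image = normcase(event["Image"])
    dll = normcase(event["ImageLoaded"])
    if basename(image) != "vlc.exe":
        return []
    reasons = []
    app_dir = dirname(image)
    if app_dir not in EXPECTED_DIRS:
        reasons.append("vlc.exe started from an unexpected directory")
    # Only DLLs under the player's own directory are judged; OS libraries are skipped.
    if dll.startswith(SYSTEM_ROOT) or not dll.startswith(app_dir + "\\"):
        return reasons
    valid = event.get("Signed") == "true" and event.get("SignatureStatus") == "Valid"
    if not valid:
        reasons.append("DLL beside vlc.exe has no valid signature")
    elif event.get("Signature") != EXPECTED_SIGNER:
        reasons.append("DLL beside vlc.exe is signed by an unexpected publisher")
    return reasons

def scan(events):
    """Return (index, reasons) for every event that raised at least one reason."""
    return [(i, r) for i, e in enumerate(events) if (r := assess(e))]

# Constructed sample events (not real telemetry); paths and names are hypothetical.
VLC_DIR = r"C:\Program Files\VideoLAN\VLC"
SAMPLE_EVENTS = [
    {"Image": VLC_DIR + r"\vlc.exe", "ImageLoaded": VLC_DIR + r"\libvlc.dll",
     "Signed": "true", "Signature": "VideoLAN", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\Media\vlc.exe", "ImageLoaded": r"C:\Users\Public\Media\sample.dll",
     "Signed": "false", "Signature": "", "SignatureStatus": "Unavailable"},
    {"Image": VLC_DIR + r"\vlc.exe", "ImageLoaded": VLC_DIR + r"\sample.dll",
     "Signed": "true", "Signature": "Example Corp", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\System32\notepad.exe", "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["ImageLoaded"], reasons)
```

The two checks are independent on purpose: a signed player copied to a user-writable folder and an unexpected DLL dropped into the real install directory are both worth an analyst's attention.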