Skip to main content
  1. Home
  2. Computing
  3. News

Chinese hackers use VLC media player to launch cyberattacks

Add as a preferred source on Google

Researchers discovered that Chinese hackers have been using VLC Media Player to launch cybersecurity attacks.

The hacker group, allegedly affiliated with the Chinese government, uses the popular video player to deploy malware on the targeted computer.

A large monitor displaying a security hacking breach warning.
Stock Depot / Getty Images

These activities have been traced down to a hacker group called Cicada, which is also known by a long list of other names, such as menuPass, Stone Panda, APT10, Potassium, and Red Apollo. Cicada has been around for a long time — at least since 2006.

Recommended Videos

The malware deployed to the victims of the attack opens the door for hackers to obtain all kinds of information. It can grant knowledge on everything about the system, scour through running processes, and download files on command, only broadening the potential for misuse. Such stealth attacks are not uncommon, but this one seems to have taken place on a large scale.

This campaign, involving the popular VLC Media Player, appears to have been started for espionage purposes. According to a report by Bleeping Computer, the targets involve a wide range of entities involved in legal, governmental, or religious activities. Non-governmental organizations have also been targeted. What’s perhaps more staggering is that this activity has spread to entities across at least three continents.

Some of the targeted countries include the U.S., Hong Kong, India, Italy, and Canada. Surprisingly, only one of the victims was from Japan. Cicada group has previously targeted Japan for its cyberattacks many times in the past. Once the attackers gained access to the victim’s machine, they were able to maintain it for up to nine months.

VLC Media Player.
Image used with permission by copyright holder

Although VLC was exploited to deploy malware, Bleeping Computer says that the file itself was clean. It appears that a safe version of VLC was combined with a malicious DLL file located in the place as the export functions of the media player. This is referred to as DLL side-loading, and Cicada is not alone in using this technique to upload malware into programs that are otherwise secure.

The custom loader used by Cicada has apparently been seen in previous attacks that were also connected to the hacker team. In order to first gain access to the networks that were breached, a Microsoft Exchange server was exploited. Additionally, a WinVNC server was deployed as a means of establishing remote control over the systems affected by the hidden malware.

There’s more to the VLC exploit than first meets the eye. On top of that, an exploit called Sodamaster was used, which runs stealthily in the system memory without requiring any files. It’s capable of avoiding detection and can delay execution at startup.

The information comes from Symantec and was reported by Bleeping Computer. Symantec’s researchers discovered that these cybersecurity attacks may have started in mid-2021 and continued taking place in February 2022. However, it’s entirely possible that this threat continues to this day.

Although these attacks are certainly dangerous, it’s probable that not every user of VLC needs to worry. Bleeping Computer has stated that the VLC file in question was clean and the hackers seem to have a very targeted approach, centered on certain entities. However, it’s always important to stay on top of security where PCs are concerned.

Update 04/11/2022: We have contacted VLC and asked for an official statement on the matter. According to the developers, the program is “very safe to use,” and it has has, so far, “not been hacked or in breach of security.”

In order to avoid running into security issues, VLC recommends that all users only download the program from the official website and no other sources. In addition, it’s recommended that the program is kept updated on a regular basis.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
ASUS Zenbook Duo UX8407AA review: Two screens finally earned their place in my bag
Two machines are definitely better than one, but on the same laptop? Asus nailed it, but you must be willing to pay for the convenience.
ASUS Zenbook Duo has two displays

See at Amazon

Two displays on a laptop once sounded like an elaborate solution waiting for the right problem. ASUS has spent the past few generations steadily proving otherwise. After using the latest Zenbook Duo (2026) UX8407AA for over two weeks, I started arranging my daily routine around that second display. 

Read more
How Claude helped my 65-year-old dad finally ditch his handwritten ledgers
AI has a lot to answer for, but this one small win is hard to argue with, at least for me.
Claude app on iPhone

My dad has owned a small business for as long as I can remember, and for just as long, he's kept his books the old-fashioned way. Every sale gets written down by hand so he can file his taxes later. The problem is that his accountant needs this data in Excel, and my dad, who didn’t grow up around computers, has never learned how to use it.

For years, his workaround was paying someone to manually type his handwritten entries into a spreadsheet. It worked, but it was adding additional cost to his business, which he wanted to avoid, but couldn't.

Read more
AI’s energy tax was already concerning. Research says AI agents are over hundred times worse
AI agents could consume 136 times more energy than today's AI, study finds
AI agents

The AI industry's soaring electricity demand has already become a growing concern for governments, utilities, and technology companies. But a new study suggests the next generation of artificial intelligence could make that problem significantly worse.

Researchers from the Korea Advanced Institute of Science and Technology (KAIST) have published what they describe as the first comprehensive analysis of the energy cost of AI agents - AI systems capable of reasoning, planning, and completing tasks autonomously. Their findings show that these systems can consume up to 136.5 times as much energy per query as conventional generative AI models, raising fresh questions about whether the infrastructure supporting tomorrow's AI is ready for what's coming.

Read more