VLC, one of the most popular multimedia players, has become a means by which to carry out cyber espionage campaigns, with the spread of malware.
Among the different techniques used by cyber criminals to spread malware and successfully carry out cyber attacks is precisely that of using known and legitimate applications and services, to infect as many PCs as possible and send stolen data to their servers.
Legal applications to infect pc.
Last year the experts would have identified perfect copies of the well-known VLC in which the malicious code had been integrated. In fact, by installing the application, the criminals were able to access the PC and steal the data of unsuspecting victims. This type of technique, which consists in using copies of legitimate applications to spread malware, is also widely used to infect mobile devices, particularly using well-known apps.
In the specific case of VLC, according to Symantec researchers, Chinese hackers have exploited the famous program to spy on organizations and governments, thanks to the fact that it is well known, light and used on the most diverse devices since it manages audio and video files. The sectors targeted by criminals in this latest campaign of attacks were the legal, non-profit and even religious sectors. The countries affected include the United States, Canada, Hong Kong, Turkey, Israel, India, Montenegro, Japan and even Italy.
The famous phishing emails that lead to malicious downloads are used to trick users into installing bogus apps, directing users to sites from which to download apps. In the past this technique had been used successfully by imitating the Netflix App, attracting users with the illusion of promotions and discounts.
How to defend yourself from mischievous downloads.
Once the terminal is infected, the hackers obtain access to a series of data, including login credentials, remaining in the system, in silent mode, even for a long time, up to 9 months according to the information that experts have collected so far.
How to defend yourself? The advice that always applies to avoid installing malicious applications on your devices is to always download from official channels and official sites, avoiding clicking on links in e-mails or text messages received. In case of doubt it is always good not to follow the links but to reach the official website from the browser, thus verifying any real promotions and offers. The same rule is also valuable in the case of downloading VLC or other programs: always connect to the official website before installing any application.
