This application has been used by Chinese hackers to spread malware-Information Technology

Recently, security researchers at Symantec discovered that the Chinese hacker group APT10 (also known as Stone Panda, Cicada) used VLC media player to spread malware.

VLC is one of the most popular media players out there, simply because it’s free, open-source, and available on most platforms. Besides, this software can also open almost all video and audio formats… without slowing down the computer.

However, security researchers have discovered that the Chinese hacker group APT10 has taken advantage of VLC software to spread malware, spy on the government and related organizations.

In addition, this group also targets the legal and non-profit sectors, as well as religious organizations, companies in the telecommunications, legal and pharmaceutical sectors in the US, Canada, Hong Kong, Turkey, Israel, India, Montenegro and Italy.

According to Symantec, APT10 used a clean version of VLC and embedded more malicious files inside the Export function. After successfully infiltrating the system, the malware uses the remote server to control everything.

To avoid detection, the hackers used the Sodamaster tool to download additional malicious files, in order to conceal communications between the compromised systems and the control server.

The researchers believe that the VLC attacks began in 2021 after hackers exploited a vulnerability in Microsoft Exchange.

APT10 used to target the healthcare industry, but recently they have shifted their focus to defense, aviation, shipping, biotechnology and energy. Compared to previous targets, APT10 has expanded its interest to companies with links to Japan.

With a lot of funding and sophisticated technical tools, hacker groups like APT10 continue to be a serious threat to computer systems around the world. The group is said to have been active for more than 15 years, at least since 2006.

At least 2 members of APT10 have been charged in the US with hacking computers, helping China’s Ministry of State Security (MSS) obtain intellectual property and confidential business information from service providers, US government agencies, and more than 45 technology companies.

Updating security software, using strong passwords, and backing up data are simple ways to secure your system.