This file is located in the same folder as the export function’s path, and is used by the attackers to launch a custom malware loader.
They said that some hackers took the clean version of VLC, added a malicious DLL file to it and distributed it, aka DLL side-loading. This was confirmed by a member of Symantec’s Threat Hunter Team, in a statement released to Bleeping Computer. The second section of the report (highlighted in the image) mentions that attackers needed access to the victim machines, before they could launch the malware attack. The rest of the report should be taken into context. This is not correct, VLC is not the reason for the malware attacks like these websites allege. This statement’s wording is quite confusing, and was misinterpreted by some blogs, who wrote that VLC is vulnerable and that hackers are using it to launch malware attacks. “The attackers also exploit the legitimate VLC Media Player by launching a custom loader via the VLC Exports function, and use the WinVNC tool for remote control of victim machines.” Symantec’s Security Threat Intelligence blog mentions the following statement. One of these tools is a modified version of the popular open source media player, VLC. Hackers distributed a modified version of VLC to use it for triggering a custom malware loader
Ghacks : Symantec says that hackers distributed a modified version of VLC and exploited it for malware attacks
0 kommentar(er)
