• VLC media player is being hijacked to send out malware

    From TechnologyDaily@1337:1/100 to All on Thu Jan 12 17:15:03 2023
    VLC media player is being hijacked to send out malware

    Date:
    Thu, 12 Jan 2023 17:03:00 +0000

    Description:
    Someone's abusing VLC to launch side-loading attacks and deploy Cobalt Strike beacons to victims in Australia.

    FULL STORY ======================================================================

    Cybercriminals have been discovered abusing the popular VLC multimedia player to deliver Cobalt Strike beacons to targets in Australia.

    The campaign includes SEO poisoning and the Gootkit loader malware and
    targets victims searching for healthcare institutions in Australia.

    The malware was discovered by Trend Micro, which described how the threat actors created a malicious website, designed to look like a forum, where a user shared a healthcare-related agreement document template inside a ZIP archive in response to a query.

    "Poisoning" search engine results pages

    Then, to get the website to rank high on Google, they poisoned the search engine results pages by adding the link to the malicious site to as many online articles and social media posts as possible.

    Whenever a website is heavily linked to, Google's algorithm perceives it as authoritative and pushes it higher on its results pages. In this campaign, the researchers found the malicious website ranking highly for medical-related keywords such as hospital, health, medical, and agreement, paired with the names of cities in Australia.

    Victims who fall for the trick and download the malicious ZIP archive onto their endpoints actually get Gootkit loader components, which later drop a PowerShell script that downloads more malware onto the target device. Among the files the loader grabs are a legitimate, signed copy of the VLC media player and a malicious DLL file that, when triggered, deploys the Cobalt Strike beacon.

    The VLC media player file is disguised as the Microsoft Distributed Transaction Coordinator (MSDTC) service. If the user runs it, VLC will look for the DLL file and run it, infecting the device in what's generally known as a side-loading attack.
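
    One way to hunt for the side-loading pattern described above, as an added example that is not part of the original story or of Trend Micro's report: flag a process whose embedded original file name is vlc.exe but whose on-disk name differs, then flag unsigned DLLs it loads from its own folder. The event fields are modelled on Sysmon process-create and image-load records; every path, PID and file name in the sample data is constructed.

```python
import ntpath

# Constructed sample events; field names modelled on Sysmon process-create (1)
# and image-load (7) records. Paths, PIDs and file names are illustrative only.
EVENTS = [
    {"id": 1, "pid": 4120, "Image": r"C:\Program Files\VideoLAN\VLC\vlc.exe",
     "OriginalFileName": "vlc.exe"},
    {"id": 7, "pid": 4120, "Signed": True,
     "ImageLoaded": r"C:\Program Files\VideoLAN\VLC\libvlc.dll"},
    {"id": 1, "pid": 5332, "Image": r"C:\Users\alice\AppData\Roaming\Example\msdtc.exe",
     "OriginalFileName": "vlc.exe"},
    {"id": 7, "pid": 5332, "Signed": False,
     "ImageLoaded": r"C:\Users\alice\AppData\Roaming\Example\libvlc.dll"},
    {"id": 7, "pid": 5332, "Signed": True,
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

def find_sideloading(events, original_name="vlc.exe"):
    """Return alerts for renamed copies of `original_name` and for unsigned
    DLLs those renamed copies load from their own directory."""
    renamed = {}  # pid -> image path of a renamed binary
    alerts = []
    for ev in events:
        if ev["id"] == 1:
            # The PE version resource keeps the original name after a rename.
            on_disk = ntpath.basename(ev["Image"]).lower()
            embedded = ev.get("OriginalFileName", "").lower()
            if embedded == original_name and on_disk != original_name:
                renamed[ev["pid"]] = ev["Image"]
                alerts.append(("renamed_binary", ev["pid"], ev["Image"]))
        elif ev["id"] == 7 and ev["pid"] in renamed:
            # Side-loading relies on the DLL sitting next to the executable.
            exe_dir = ntpath.dirname(renamed[ev["pid"]]).lower()
            dll_dir = ntpath.dirname(ev["ImageLoaded"]).lower()
            if dll_dir == exe_dir and not ev.get("Signed", False):
                alerts.append(("unsigned_dll_sideload", ev["pid"], ev["ImageLoaded"]))
    return alerts

if __name__ == "__main__":
    for alert in find_sideloading(EVENTS):
        print(alert)
```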

    Cobalt Strike is a commercial pentesting tool allowing the user to deploy an agent named 'Beacon' on the victim machine. Cybercriminals use it to scan the target network, move laterally, steal passwords and other sensitive data, and deploy more devastating malware. Cobalt Strike beacons are often followed up with a ransomware attack.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/vlc-media-player-is-being-hiajcked-to-send-out-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)