Technology moves fast, and a great deal of entertainment is offered on the internet for free. This entices hackers to commit crimes, and they will do anything to steal confidential personal information. One of the media players most widely used today is VLC, developed by VideoLAN. It is an open-source program and, most of all, free. Recent hacking methods include the use of this software, and because of its reach the VLC player becomes a source for malware if it is left un-updated instead of being moved to a newer version.
Why Hackers Choose VLC
One simple reason hackers use the VLC player as a vehicle for hacking is its popularity. The player is compatible with most operating systems, especially Windows and Mac, and has over 3 billion downloads worldwide by hundreds of millions of users. It is now also popular on the Android and iOS mobile platforms.
Because of this, hackers have made the VLC player a developing ground for malware creation.
VLC Malware Exploitation
The first VLC flaw was discovered by Symeon Paraschoudis of Pen Test Partners and is tracked as CVE-2019-12874, which is classified as a high-severity vulnerability. It is a double-free issue that resides in the “zlib_decompress_extra” function of the VideoLAN VLC player and is triggered when VLC parses a malformed MKV file with the Matroska demuxer.
An unnamed researcher discovered the second flaw, a high-risk issue tracked as CVE-2019-5439. It is a read buffer overflow that resides in the “ReadFrame” function and can be triggered by a malformed AVI video file.
Even though the proof-of-concepts delivered by both discoverers only cause a crash, potential attackers could still exploit these vulnerabilities to execute arbitrary code with the privileges of the targeted user.
The attacker just needs to create a malicious MKV or AVI video file that serves as a decoy for users to play in an un-updated, vulnerable version of the VLC media player. The trick is similar to the infamous click-bait trap that is very popular on phishing sites.
Here is an overview of the process: the user plays the downloaded malicious video file in the un-updated VLC program. After that, the malware is on the user’s computer system and the hacker can steal the targeted information from it.
Why VLC Malware Is So Dangerous
Once this VLC malware has been created, potential hackers can easily target thousands of users in a short span of time. This is very easy for attackers once they have delivered the malicious files to their targets. They can pass the malicious files off as video files on torrent sites, especially to users who like pirated copies of newly released movies or TV series such as Game of Thrones episodes. The files can also be copied from one user to another and can spread virally through social media sharing sites and the like.
Actions against the VLC Malware
VideoLAN has already published an advisory on these issues. It notes that having ASLR and DEP protections enabled on users’ laptops or PCs can help mitigate the threats, but the developers admit that these protections can still be bypassed.
Paraschoudis used the honggfuzz fuzzing tool to find this issue along with four other bugs, which were also patched by the VideoLAN team just a month ago. Another 28 bugs were found by other security researchers through the EU-FOSSA bug bounty program.
Tips on Countering the VLC malware:
- Every user should update their VLC media player to 3.0.7 or a later version. This is highly recommended, if not a must.
- Avoid opening, playing or downloading video files from untrusted or suspicious third-party programs or sites.
- Get a strong antivirus or anti-malware program and install it on your desktops, laptops, and even mobile phones and tablets. Make sure it is kept updated with the latest protection engine.
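One way to check the first tip on a desktop system, as an added example (not code from the article or from VideoLAN): the script reads the first line of `vlc --version` and compares the version numerically against 3.0.7. The function names are hypothetical, and the banner format `VLC media player X.Y.Z ...` is an assumption about that output.

```shell
#!/bin/sh
# Added example: flag VLC installs older than the fixed release named above.
MIN_VLC="3.0.7"   # minimum version from the article's first tip

# Extract "X.Y.Z" from a banner line (assumed format):
# "VLC media player 3.0.6 Vetinari (revision ...)".
vlc_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^VLC media player \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing numeric fields left to
# right, so 3.0.20 counts as newer than 3.0.7 (a string compare would not).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the field just read; clear the string when no dot remains.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}   # a missing field counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print a verdict for a banner; return 0 patched, 1 outdated, 2 unknown.
check_vlc_banner() {
    v=$(vlc_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown: could not parse VLC version"; return 2
    fi
    if version_ge "$v" "$MIN_VLC"; then
        echo "ok: VLC $v"; return 0
    fi
    echo "update needed: VLC $v is older than $MIN_VLC"; return 1
}

# When VLC is on PATH, check the local install.
if command -v vlc >/dev/null 2>&1; then
    check_vlc_banner "$(vlc --version 2>/dev/null | head -n 1)" || true
fi
```

The return codes let the check be used from an inventory or login script to list machines that still need the update.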
It is very important for users to be knowledgeable about malware and viruses. Don’t let the hackers get a chance to steal your precious confidential information like bank accounts, phone numbers, emails, and names.