Kieran Kunhya
Podcast Appearances
with this custom version of VLC.
And it was the normal binaries of VLC, except they added one DLL.
I think it was psapi.dll, which was basically reading your document folder, encrypting that and sending that.
And the thing is, this is very clever, to be honest, because once you're watching a movie, right, you're going to do that for two hours and you're not going to touch your computer.
And sometimes it's normal because it's HD that your fans are going up and say, and there is a ton of CPU usage because you're using VLC, right?
That's normal.
But the thing is, what you don't see is that actually a powered version of VLC that is used by CIA.
We had exactly the same problem with Chinese hackers that were targeting Indian people.
And that got VLC banned from India until I had to fight in courts in India, the Indian government, to unban VLC.
They didn't use VLC.
They took just one DLL because we signed the DLL correctly.
And they used that DLL to do another program.
So you had the VLC.exe and was calling libVLC, but it was calling it into a fake one, and they used that to target.
There is not much we can do, actually, to block those types of hacks.
No, they don't.
Absolutely not.
We have a big issue for like more than 10 years is that there is a fake version of VLC in Germany that was reported for now for 12 years.
And Google basically decides to not, they know what's in it, but the binary is too big for their virus analyzer to analyze it.