Jump to content

vlc browser plugin


Recommended Posts

Hello members,

 

Today i've found a vlc web plugin on vlc.de a webpage that I known as Malware Site. After simple checking the plugin, I didn't found any issues. But it's suspicious to me because this is only a plugin that will be moved into /Library/Internet Plugins and used only to play web-contents.  Fairly to say that I have not activated the plugin on the browser because I'm not sure at this time.

Bundle Identifier of the plugin refer to org.videolan.vlc-npapi-plugin. The link to get updates refers exactly to the videolan.org website. (does made sense?). Actually my knowledge is, that the original vlc player app has not web plugin on his package. So I need to ask can anyone can confirm that the web plugin does nothing if is installed on a system?

 If does, I'm thankfully to any experts that can explain what changes was made to the system.

the macOs bundle can be found here (it's too big to upload to Virustotal): VLC Fake? DMG

greetings,

dante

 

Link to post
Share on other sites

The DMG - 0 Hits on VT

https://www.virustotal.com/en/file/ceeece6670427eca2499133f6b4d066aa0d20058d0526a42462bee8de819a563/analysis/1470571461/

The Windows EXE files also have zero hits on VT.

The binaries are digitally signed and the certificates are valid.

Link to post
Share on other sites

Many thanks Dave,

Quote

The Windows EXE files also have zero hits on VT.

macOs has no exe files :)

Also,  I'm not sure that the dmg check on virustotal is the same as to check the contents of the dmg. In past hour i took a research and found nightly builds from the vlc web plugin on his legit site. 

Link to post
Share on other sites

I know MAC doesn't use Windows PE files.  You stated...

5 hours ago, dante said:

Today i've found a vlc web plugin on vlc.de a webpage that I known as Malware Site.

 

I showed I found no evidence of that.

VLC Media Player is an Open Source project.  As such 3rd parties, other than VideoLan, may compile their own version.

 

18 minutes ago, dante said:

  I'm not sure that the dmg check on virustotal is the same as to check the contents of the dmg.

If a participating anti malware vendor on Virus Total has an engine and signature base that operates on a DMG file then that vendor will detect malware in that file format.

 

Edited by David H. Lipman
Link to post
Share on other sites

  • Staff

VirusTotal actually is capable of detecting known malicious files in .dmg files. Most recent Mac samples are actually submitted as .dmg files, in fact.

However, I also submitted just the main executable from inside the plugin, and that didn't trigger any hits either. As far as I can tell, without having someone actually dig into the code and analyze it, it doesn't appear to be malicious. I do note that there are some similarities between the bundles for both the real VLC app and this VLC Plugin... specifically, in the MacOS directory inside the bundle, there are a number of similar items, suggesting to me that this VLC Plugin is probably based on the VLC code.

Whether this is a legit plugin built from the VLC source, or whether it has been modified to include some malicious code, I can't say at this time. My guess would be that, at worst, it may include some added advertising code, but that may or may not be the case.

Looking at the feedback on mywot.com for the vlc.de site doesn't inspire confidence, and I would guess that site has dabbled in the distribution of adware installers, at least in the past if not currently. So my inclination would be not to trust that plugin... but I also seriously doubt that it is truly malicious, either.

 

Link to post
Share on other sites

YW Dante

yw.gif

 

VLC Media Player is my preferred media renderer.  It has played content from sources I can't even discuss.

Besides its Network Streaming capability, it also captures video.  I used it to record video of a squirrel invasion in my attic.  What I called my Kabuki Theatre

4 squirrels in Attic Video

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.