dante, Posted August 7, 2016

Hello members,

Today I found a VLC web plugin on vlc.de, a webpage that I know as a malware site. After simply checking the plugin, I didn't find any issues. But it's suspicious to me because this is only a plugin that will be moved into /Library/Internet Plugins and used only to play web content. To be fair, I have not activated the plugin in the browser because I'm not sure at this time. The bundle identifier of the plugin refers to org.videolan.vlc-npapi-plugin. The link to get updates refers exactly to the videolan.org website (does that make sense?). Actually, as far as I know, the original VLC player app has no web plugin in its package. So I need to ask: can anyone confirm that the web plugin does nothing if it is installed on a system? If it does, I'd be thankful to any experts who can explain what changes were made to the system.

The macOS bundle can be found here (it's too big to upload to VirusTotal): VLC Fake? DMG

Greetings,
dante

David H. Lipman, Posted August 7, 2016

The DMG - 0 hits on VT:
https://www.virustotal.com/en/file/ceeece6670427eca2499133f6b4d066aa0d20058d0526a42462bee8de819a563/analysis/1470571461/

The Windows EXE files also have zero hits on VT.

The binaries are digitally signed and the certificates are valid.

dante (Author), Posted August 7, 2016

Many thanks Dave,

> The Windows EXE files also have zero hits on VT.

macOS has no exe files.

Also, I'm not sure that the DMG check on VirusTotal is the same as checking the contents of the DMG.

In the past hour I did some research and found nightly builds of the VLC web plugin on its legit site.

David H. Lipman, Posted August 7, 2016 (edited August 7, 2016 by David H. Lipman)

I know Mac doesn't use Windows PE files.

You stated...

> 5 hours ago, dante said:
> Today I found a VLC web plugin on vlc.de, a webpage that I know as a malware site.

I showed I found no evidence of that.

VLC Media Player is an Open Source project. As such, 3rd parties, other than VideoLan, may compile their own version.

> 18 minutes ago, dante said:
> I'm not sure that the DMG check on VirusTotal is the same as checking the contents of the DMG.

If a participating anti-malware vendor on VirusTotal has an engine and signature base that operates on a DMG file, then that vendor will detect malware in that file format.

treed (Staff), Posted August 7, 2016

VirusTotal actually is capable of detecting known malicious files in .dmg files. Most recent Mac samples are actually submitted as .dmg files, in fact. However, I also submitted just the main executable from inside the plugin, and that didn't trigger any hits either.

As far as I can tell, without having someone actually dig into the code and analyze it, it doesn't appear to be malicious. I do note that there are some similarities between the bundles for both the real VLC app and this VLC Plugin... specifically, in the MacOS directory inside the bundle, there are a number of similar items, suggesting to me that this VLC Plugin is probably based on the VLC code.

Whether this is a legit plugin built from the VLC source, or whether it has been modified to include some malicious code, I can't say at this time. My guess would be that, at worst, it may include some added advertising code, but that may or may not be the case.

Looking at the feedback on mywot.com for the vlc.de site doesn't inspire confidence, and I would guess that site has dabbled in the distribution of adware installers, at least in the past if not currently. So my inclination would be not to trust that plugin... but I also seriously doubt that it is truly malicious, either.

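Added example, not part of any post in this thread: Python code for the per-file check discussed above, which reads a plugin bundle's declared identifier from Info.plist and computes a SHA-256 for every Mach-O file inside it, so each binary can be looked up on its own rather than only the enclosing DMG. The function names and the sample bundle are constructed for illustration; it assumes the DMG has already been mounted or unpacked to a directory.

```python
import hashlib
import plistlib
from pathlib import Path

# First four bytes of thin Mach-O files (both byte orders, 32/64-bit) and of
# universal ("fat") binaries. 0xCAFEBABE is shared with Java class files.
MACHO_MAGICS = {bytes.fromhex(m) for m in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}

def is_macho(path):
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def inventory_bundle(bundle):
    """Return the bundle's declared identity and a SHA-256 per Mach-O file inside it."""
    bundle = Path(bundle)
    with open(bundle / "Contents" / "Info.plist", "rb") as f:
        info = plistlib.load(f)
    hashes = {}
    for p in sorted(bundle.rglob("*")):
        if p.is_file() and not p.is_symlink() and is_macho(p):
            hashes[p.relative_to(bundle).as_posix()] = sha256_file(p)
    return {"identifier": info.get("CFBundleIdentifier"),
            "executable": info.get("CFBundleExecutable"),
            "macho_sha256": hashes}

def build_sample_bundle(root):
    """Constructed sample input: a minimal bundle with one fake Mach-O and one text file."""
    macos = Path(root) / "Sample.plugin" / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    with open(macos.parent / "Info.plist", "wb") as f:
        plistlib.dump({"CFBundleIdentifier": "org.videolan.vlc-npapi-plugin",
                       "CFBundleExecutable": "SamplePlugin"}, f)
    (macos / "SamplePlugin").write_bytes(bytes.fromhex("cffaedfe") + b"\0" * 28)
    (macos / "README.txt").write_text("not a binary")
    return macos.parents[1]

if __name__ == "__main__":
    import json, tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(json.dumps(inventory_bundle(build_sample_bundle(tmp)), indent=2))
```

Running the same inventory over a build obtained from videolan.org and diffing the two hash maps shows which binaries in the bundle differ from the upstream ones.
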
dante (Author), Posted August 7, 2016

My questions are all answered, many thanks Dave and treed.

David H. Lipman, Posted August 7, 2016

YW Dante

VLC Media Player is my preferred media renderer. It has played content from sources I can't even discuss.

Besides its Network Streaming capability, it also captures video. I used it to record video of a squirrel invasion in my attic. What I called my Kabuki Theatre.

4 squirrels in Attic Video

dante (Author), Posted August 7, 2016

Awesome