"Security researchers have uncovered a long-running malicious campaign from hackers associated with the Chinese government who are using VLC Media Player to launch a custom malware loader. The campaign appears to serve espionage purposes and has targeted various entities involved in government, legal, and religious activities, as well as non-governmental organizations (NGOs) on at least three continents... ...the attacker uses a clean version of VLC with a malicious DLL file in the same path as the media player's export functions..." https://www.bleepingcomputer.com/ne...se-vlc-media-player-to-launch-malware-loader/
OK so this wasn't actually a supply chain attack, but they simply abused a legitimate copy of VLC Player that was already installed, to load malware? Perhaps Windows should figure out a way to prevent malware from using DLL sideloading techniques.
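As an added defender-side example (not from the article or the post above), here is a small Python check over constructed Sysmon Event ID 7 image-load records: it flags DLLs that vlc.exe loads from its own directory when they are unsigned or signed by someone other than the assumed vendor signer "VideoLAN". The paths, DLL names and signer strings are assumptions, not indicators from the campaign.

```python
import json

# Constructed Sysmon Event ID 7 (ImageLoad) records as JSON lines, reduced to
# the fields the check needs. Paths, DLL names and signers are illustrative
# assumptions; the third line models a clean host exe loading a planted DLL.
SAMPLE_LOG = r"""
{"Image": "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe", "ImageLoaded": "C:\\Windows\\System32\\kernel32.dll", "Signed": "true", "Signature": "Microsoft Windows"}
{"Image": "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe", "ImageLoaded": "C:\\Program Files\\VideoLAN\\VLC\\libvlccore.dll", "Signed": "true", "Signature": "VideoLAN"}
{"Image": "C:\\Users\\alice\\Downloads\\vlc\\vlc.exe", "ImageLoaded": "C:\\Users\\alice\\Downloads\\vlc\\helper.dll", "Signed": "false", "Signature": ""}
{"Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\shell32.dll", "Signed": "true", "Signature": "Microsoft Windows"}
"""


def sideload_candidates(events, host_exe="vlc.exe", trusted_signers=("VideoLAN",)):
    """Return the DLL paths that the host executable loaded from its own
    directory while being unsigned or signed by someone other than the
    expected vendor. That is the pattern in the post: a clean, signed player
    pulling in an unexpected DLL that sits beside it."""
    hits = []
    for ev in events:
        image = ev.get("Image", "")
        loaded = ev.get("ImageLoaded", "")
        if not image.lower().endswith("\\" + host_exe):
            continue  # only the host process we care about
        exe_dir = image.rsplit("\\", 1)[0].lower()
        dll_dir = loaded.rsplit("\\", 1)[0].lower()
        if exe_dir != dll_dir:
            continue  # System32 loads etc. follow the normal search order
        signed = ev.get("Signed", "").lower() == "true"
        signer = ev.get("Signature", "")
        if not signed or signer not in trusted_signers:
            hits.append(loaded)
    return hits


def scan_jsonl(text):
    """Parse JSON-lines log text and run the sideload check over it."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sideload_candidates(events)


if __name__ == "__main__":
    for dll in scan_jsonl(SAMPLE_LOG):
        print("possible sideloaded DLL:", dll)
```

The same-directory test is deliberate: Windows searches the application directory before System32, so a signed host loading an unsigned neighbour is the signal worth alerting on, while loads from System32 are expected noise.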