The web site for the popular VLC Media Player – VideoLan.org – is getting a big warning in Bing when users hover their cursor over it. This warning states that the “Site might be dangerous” and that it could “lead to malicious software that can harm your device.”
VLC Media Player is a very popular free open-source program that can be used to watch almost every movie format out there. According to Avast, VLC Media Player was the seventh most installed program in 2017.
Bing’s displaying of this warning came to a head yesterday when the Twitter account for VideoLan tweeted that Bing is displaying a popup stating the site is dangerous and contains malicious software. Bing’s Site Safety page for videolan.org also states that the site shows “indications of malicious activity”.
Supposedly, @bing now consider vlc-3.0.4-win64.exe as a malware, which gives an annoying popup.
This appeared 2 days ago, and we have no clue how to fix it (yet).
We’ve checked, and the binary has not changed and is still correctly signed…
— VideoLAN (@videolan) November 27, 2018
BleepingComputer tested searching for VLC in Bing and was shown the same warning when hovering over the search result. When testing the software on VirusTotal, though, only 1 out of 62 security vendors detected it as malicious. Therefore, it is surprising that Bing is flagging it in this manner.
This warning is not new, though, and was being shown at least 3 months ago according to a Reddit post.
BleepingComputer has reached out to Microsoft regarding this warning, but had not heard back with answers at the time of this article.
VLC is popular among malware distributors
A common tactic used by malware distributors is to take popular open source software, such as VLC, and repackage it to also install malware. For example, adware programs will repackage VLC as a “needed” player, which will also install unwanted software, adware, extensions, and Trojans.
Attackers are also known to use VLC to distribute more advanced malware such as FinFisher. VLC was also used as part of the CIA Vault 7 cyber toolkit called “Fine Dining”, which weaponized popular applications to spy on targets. VLC Media Player was one of the applications that was allegedly used by the CIA.
Other popular applications that were reportedly weaponized by the CIA include:
Irfan View
Chrome Portable
Opera Portable
Firefox Portable
ClamWin Portable
Kaspersky TDSS Killer Portable
McAfee Stinger Portable
Sophos Virus Removal
Thunderbird Portable
Opera Mail
Foxit Reader
Libre Office Portable
Prezi
Babel Pad
Notepad++
Skype
Iperius Backup
Sandisk Secure Access
U3 Software
2048
LBreakout2
7-Zip Portable
Portable Linux CMD Prompt