Hackers hide malware in movie subtitle files. Here’s how to fix it

Bradley Wint
May 24, 2017 10:47pm AST
Photo: PopcornTime

Hackers have figured out a way to take advantage of downloadable movie subtitles to hide malware in them.

If you use VLC, Kodi, Stremio, or PopcornTime to play your movies with custom subtitles, you may be putting your system at risk of being hacked via one of the most inconspicuous file types: subtitles.

Security firm Check Point identified this new vector, and stated that as many as 200 million users run vulnerable versions of the above-mentioned software.

Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.

Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

If you’re using VLC, Kodi, or Stremio, you should have received an update by now. However, it’s still advised that you check for the latest update, as some users may not have auto-updates enabled by default (like myself). PopcornTime can be updated via the undermentioned link.


Here is a demo of the malware at work. From the front end, there isn’t any clue to indicate that the targeted system is being taken over. Only after analyzing the background network traffic do you realize that the malware is running the exploit in the background.


Founder/Executive Editor
PGP Fingerprint: EF2C 9B80 085C C837 3DA3 995D A864 F801 147F E619