Hackers have figured out a way to take advantage of downloadable movie subtitles by hiding malware in them.
If you use VLC, Kodi, Stremio, or PopcornTime to play your movies with custom subtitles, you may be putting your system at risk of being hacked via one of the most inconspicuous file types: subtitles.
Security firm Check Point identified this new vector and stated that as many as 200 million users run vulnerable versions of the software mentioned above. The researchers describe it as follows:
Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitle repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.
Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.
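Check Point's point that subtitles are vetted "without trying to assess their real nature" suggests one cheap mitigation for anyone who fetches subtitles automatically: refuse a file that is not structurally plain SRT before handing it to the player. The validator below is an added example written for this post, not Check Point's or any media player's code; the tag whitelist, the size limits and the two sample files are assumptions constructed for the demonstration.

```python
import re
from typing import List

# Plain-SRT shape: numeric index, timing line, then cue text until a blank line.
TIMING_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}$")
TAG_RE = re.compile(r"<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>")
ALLOWED_TAGS = {"i", "b", "u"}  # assumed: only basic styling tags are expected
MAX_CUE_CHARS = 500             # assumed ceiling for one cue's text
MAX_FILE_BYTES = 1_000_000      # assumed ceiling for the whole file


def validate_srt(data: bytes) -> List[str]:
    """Return findings; an empty list means the file is structurally plain SRT."""
    findings = []
    if len(data) > MAX_FILE_BYTES:
        findings.append(f"file too large: {len(data)} bytes")
    try:
        text = data.decode("utf-8-sig")
    except UnicodeDecodeError:
        return findings + ["not valid UTF-8 text"]
    if any(ord(ch) < 0x20 and ch not in "\r\n\t" for ch in text):
        findings.append("control characters present")
    blocks = [b for b in re.split(r"\r?\n\s*\r?\n", text.strip()) if b.strip()]
    if not blocks:
        findings.append("no cues found")
    for n, block in enumerate(blocks, 1):
        lines = block.splitlines()
        if len(lines) < 2 or not lines[0].strip().isdigit():
            findings.append(f"cue {n}: missing numeric index")
            continue
        if not TIMING_RE.match(lines[1].strip()):
            findings.append(f"cue {n}: malformed timing line")
            continue
        cue_text = "\n".join(lines[2:])
        if len(cue_text) > MAX_CUE_CHARS:
            findings.append(f"cue {n}: text of {len(cue_text)} chars exceeds limit")
        for _, tag in TAG_RE.findall(cue_text):
            if tag.lower() not in ALLOWED_TAGS:
                findings.append(f"cue {n}: unexpected markup <{tag}>")
    return findings


# Constructed sample files (not from the article): a clean one and one that
# carries an oversized cue wrapped in markup a plain subtitle never needs.
CLEAN_SRT = b"1\n00:00:01,000 --> 00:00:03,500\nHello, <i>world</i>.\n\n" \
            b"2\n00:00:04,000 --> 00:00:06,000\nSecond line.\n"
SUSPICIOUS_SRT = (b"1\n00:00:01,000 --> 00:00:03,500\n"
                  b'<font face="x">' + b"A" * 600 + b"</font>\n")
```

A non-empty result is a reason to drop the file and log it, not to try to repair it; the player's own parser is exactly the code you are trying to keep hostile input away from.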
If you’re using VLC, Kodi, or Stremio, you should have received an update by now. However, it’s still advised that you check for the latest update, as some users may not have auto-updates enabled by default (like myself). PopcornTime can be updated via the link below.
- PopcornTime: a fixed version has been created, but it is not yet available for download on the official website. It can be downloaded manually from https://ci.popcorntime.sh/job/Popcorn-Time-Desktop/249
- Kodi: officially fixed and available for download on their website: https://kodi.tv/download
- VLC: officially fixed and available for download on their website.
- Stremio: officially fixed and available for download on their website.
Here is a demo of the malware at work. On screen there is no clue that the targeted system is being taken over; only after analyzing the background network traffic do you realize that the malware is running the exploit in the background.