Photo: PopcornTime

Hackers hide malware in movie subtitle files. Here’s how to fix it

By Bradley Wint, Founder/Executive Editor
May 24, 2017 10:47pm AST

Hackers have figured out a way to take advantage of downloadable movie subtitles to hide malware in them.

If you use VLC, Kodi, Stremio, or PopcornTime to play your movies with custom subtitles, you may be putting your system at risk of being hacked via one of the most inconspicuous file types: subtitles.

Security firm Check Point identified this new vector and stated that as many as 200 million users run vulnerable versions of the above-mentioned software.

Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.

Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

If you’re using VLC, Kodi, or Stremio, you should have received an update by now. However, it’s still advised that you check for the latest update, as some users may not have auto-updates enabled by default (like myself). PopcornTime can be updated via the undermentioned link.

Here is a demo of the malware at work. From the front end, there isn’t any clue to indicate that the targeted system is being taken over. Only after analyzing the background network traffic do you realize that the malware is running the exploit in the background.
