Share
Share
Share
 

Hackers hide malware in movie subtitle files. Here’s how to fix it

Photo: PopcornTime

Hackers have figured out a way to take advantage downloadable movie subtitles to hide malware in them.

If you use VLC, Kodi, Stremio, or PopcornTime to play your movies with custom subtitles, you may be putting your system as risk of being hacked via one of the most inconspicuous file types: subtitles.

Security firm, Checkpoint, identified this new vector, and stated that as many as 200 million users run vulnerable versions of the above mentioned software.

Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.

Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

If you’re using VLC, Kodi, or Stremio, you should have received an update by now. However it’s still advised that you check for the latest update, as some users may not have auto updates enabled by default (like myself). PopcornTime can be updated via the undermentioned link.

Here is a demo of the malware at work. From the front end, there isn’t any clue to indicate that the targeted system is being taken over. Only after analyzing the background network traffic do you realize that the malware is running the exploit in the background.

Whether you’re a novice or seasoned traveler, there is always that one person or group of people that occasionally bug…
If you’re buying a Samsung Galaxy S9 or S9+ from Verizon, expect to see Yahoo-based apps and Bixby news content…
Just two months after the unveiling of the Galaxy S9 and S9+, Samsung is will now offer more internal storage…
As cryptominers shift their attention away from GPUs, graphics cards prices may plummet as shipments are expected drop by as…
Facebook has started beta testing a new feature that allows fans of pages to limit conversations to their friends and…
Caribbean Airlines has joined the ranks of other international airlines by introducing a premium economy cabin. Dubbed “Caribbean Plus”, rows…
It’s 2018 and there are still many websites that believe in forcing users to watch autoplay videos. That’s right, we’re…
Sometimes I like to record a snippet of what I’m listening to on my phone’s iTunes player to post to…
If you’re an iPhone user (or use any iOS device as a matter), it may be time to consider using…
Like many other mobile phone manufacturers, Apple can’t keep anything a secret. In a recently leaked internal memo (a lengthy…
We're looking for up and coming writers to join our expanding team!