According to a recent report from Check Point researchers, a new exploit gives hackers the ability to control the desktop of a person through malware spread by fake movie subtitles. The said exploit affects the video players of users, including the VLC media player, Popcorn Time, etc. The exploit mostly dumps the virus onto the computer of the user and then notifies the cyber-hacker.
Users trust subtitle files which can be dangerous for their computer
The research done by Check Point found that malformed subtitles files can give the cyber attackers the ability to embed code into subtitle files that are popular with pirated movies, TV shows and other media or video-related content. As these subtitles are usually ignored by video players and users, they are frequently used by hackers for cyber-attacks.
In its report, the Check point researchers explained, “Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player.” They further added, “These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.”
Security firms as well as users are generally aware of traditional attack vectors but they trust movie subtitles. The movie subtitles are often perceived by users as nothing more than benign text files.
Fix available for Stremio, VLC and Kodi
People who are using Popcorn Time can download a fix on its site. As for Stremio, Kodi, and VLC, the fix will be patched automatically. The Check Point researchers note that the attack vector depends mostly on the bad state of security in the way several media players process the large number of subtitle formats and subtitle files.
The researchers explain that there are around 25 subtitle formats in use in the beginning, with each format having a unique feature and capability. Often, the media players need to parse together several subtitle formats to make sure there is coverage and to provide a better user experience, with each media player using a different method, said the report.
The Check Point researchers add, “Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities.”