Subtitles Have Been Discovered to Infect Computers
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
Netizens are well familiar with malware distributed through compromised programs, social engineering, infested websites, malvertising, etc. These are all common threats, and we’ve calmed down regarding our internet security in the belief that old-fashioned protection is perfectly sufficient. Alas, cybercrime is a multi-headed and ever-shifting monster. Recently, hackers have found a new vile way to get their hands inside your devices – via subtitles.
Wait, what? Subtitles are dangerous?
Why yes, it turns out they are! Recently, Checkpoint Security Service announced that they had discovered an exploit within a number of popular video streaming platforms. The list includes Kodi (XBMC), VLC, strem.io and Popcorn Time. The research claims that approximately 200 million users are affected, making it the most widespread zero-resistance vulnerability found in years.
But subtitles are plain .txt files, one might argue; they can hardly do any harm to your device. Well, how about giving attackers full control over your computer? Yes, it's that dangerous, and here's how it works:
- Hackers make a subtitle file for a popular movie and add malicious code to it.
- They post the file to a popular repository that’s used by people and software alike to find subtitles.
- Hackers abuse the rating system of the repository to boost their file to the top lists of subtitles.
- The high-rated infected subtitles are then downloaded either manually by users, or automatically by media players. And after the file is run, it only takes a couple of seconds until hackers are granted complete access to the victim’s computer.
What makes it so effective
Media players are required to process subtitle files in numerous different formats. Sometimes, they have to combine different files or fragment software. This results in poor security of subtitle processing, which leads to a number of distinct vulnerabilities and leaves the players unprotected against malware.
Besides, this attack vector was especially effective due to its uniqueness. The last attempt to use subtitles as a hacking tool occurred in 2003, proved ineffective, and was forgotten. Using this overlooked technique was an ingenious idea, seeing how subtitle repositories are considered a trusted source by everyone. No modern antivirus software considered this channel a threat.
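The opposite of the loose, multi-format parsing described above is a strict allowlist check. The following is an added example, not code from the original article or from any of the players it names: it accepts only well-formed SubRip (.srt) cues, strips markup, and re-serializes the file before a player opens it. The choice of SubRip, the limits, the function names and the sample input are assumptions made for illustration.

```python
import re

# Constructed limits for this sketch (assumptions, not taken from any player).
MAX_BYTES = 1_000_000
MAX_LINE_CHARS = 500

TIMING = re.compile(
    r"(\d\d):([0-5]\d):([0-5]\d),(\d{3}) --> (\d\d):([0-5]\d):([0-5]\d),(\d{3})",
    re.ASCII,
)
TAG = re.compile(r"<[^>]*>|\{[^}]*\}")  # <i>, <font ...>, {\an8} style markup
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")  # control chars other than tab


def _ms(h, m, s, ms):
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)


def sanitize_srt(raw: bytes) -> str:
    """Parse strictly as SubRip; return clean text-only SRT or raise ValueError."""
    if len(raw) > MAX_BYTES:
        raise ValueError("file too large")
    text = raw.decode("utf-8-sig")  # invalid UTF-8 raises UnicodeDecodeError (a ValueError)
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    cues = []
    for block in re.split(r"\n{2,}", text.strip("\n")):
        lines = block.split("\n")
        if len(lines) < 3 or not re.fullmatch(r"[0-9]+", lines[0].strip()):
            raise ValueError("cue must be: index, timing line, text")
        match = TIMING.fullmatch(lines[1].strip())
        if not match:
            raise ValueError("malformed timing line")
        g = match.groups()
        if _ms(*g[:4]) >= _ms(*g[4:]):
            raise ValueError("cue ends before it starts")
        body = []
        for line in lines[2:]:
            if len(line) > MAX_LINE_CHARS or CONTROL.search(line):
                raise ValueError("oversized line or control character")
            body.append(TAG.sub("", line))
        # Re-number and re-serialize so only validated fields reach the player.
        cues.append(f"{len(cues) + 1}\n{lines[1].strip()}\n" + "\n".join(body))
    return "\n\n".join(cues) + "\n"


# Constructed sample input, not a real subtitle file.
SAMPLE = (b"1\r\n00:00:01,000 --> 00:00:03,500\r\n<i>Hello</i> {\\an8}there\r\n\r\n"
          b"2\r\n00:00:04,000 --> 00:00:05,000\r\n<font color=\"red\">Bye</font>\r\n")

if __name__ == "__main__":
    print(sanitize_srt(SAMPLE))
```

A file that fails the check is simply not loaded; nothing in it is repaired or guessed at.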
How to cure the infection and avoid it in the future
If you have used any of the affected platforms and downloaded subtitles through them, there is a good chance your computer got infected. It is highly recommended that you run an antivirus scan and install a VPN such as VPN Unlimited. The latter will ensure that even if some part of the malware manages to avoid detection, your sensitive information will be encrypted and protected. Additionally, the four streaming platforms have already released fixes to their software. It would be a smart idea to update them if you intend to keep using any of these services.
Unfortunately, this situation exposes an integral vulnerability of subtitle repositories, especially seeing how they use specific rating algorithms and how some media players download subtitle files automatically. Because of that, there can be no guarantee that hackers will not repeat this tactic with other streaming services. And, what's more, there is very little that a user can do to avoid the attack.
Do you watch movies with subtitles? Will you stop now, considering the news? Tell us in the comments below!