Subtitle Files Are The Perfect Place For Malware To Lurk

May 25, 2017 11:11 PM EDT

The recent WannaCry outrage has more or less subsided, with the world being on the alert while many who have not given two hoots about their digital security before would most probably have done their bit to ensure that their Windows-powered computers are updated and protected, with some even making the jump to Windows 10. Well, there are still a myriad of ways in which hackers and those who have malicious intent to break through whatever digital defenses that have been put up and take partial or total control of your machine. A chain is only as strong as its weakest link, and the same applies when it comes to best computing practices. With many people actually accessing items online thanks to the proliferation of fast and affordable Internet connectivity, it also goes without saying that the entertainment aspect has also taken the digital route. With the world being a global village and the widening of the global knowledge base expanding at a very rapid pace, foreign films have also gained a large following among the English-speaking world. However, subtitle hunting can be rather tricky, since there are many sites that claim to provide subtitles -- but at a cost, with malware sneaking into the computer along the way. Hackers have decided to make use of subtitles as the latest way that they can hide malware and install such malicious programming on machines everywhere.


This particular exploit is extremely impressive, as hackers gain the ability to control a computer’s desktop via malware that is spread by fake movie subtitles. It will not only dump the malware onto the desktop, it will also provide the necessary notification to the attacker, while making sure that users of video players such as Popcorn Time and VLC will be affected. Apparently, malformed subtitle files provide a door for hackers to embed malicious code into subtitle files, and these tend to be downloaded whenever one deals with popular or pirated movies and TV shows. Since such subtitle files tend to be 100% trusted by video players as well as users, it is the perfect platform for hackers to create an entry point before proceeding with their attacks.

According to Checkpoint, “Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous. Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files.”

Users of Popcorn Time can always ensure that they remain safe from such attacks by downloading and installing the fix that is provided here. For VLC, Kodi, and Stremio users, you should not fret too much since a patch ought to arrive in due time, and the installation process would probably be immediate. Once again, it goes to show how all “free” stuff that you get online, especially media and software, might come with a hidden price tag that will end up too high a price to pay, especially when your personal data is compromised in addition to losing control of your computer’s functions.

At the end of the day, it is always best to go for legit and official solutions, including purchasing original movies with the type of subtitles that you are looking for.