Malicious Subtitle Files: Have you ever imagined, a small subtitle file can take full authority of your PC. Many of you download a subtitle file and watch movies. The hackers hack your PC while you are watching movies for a long time.
According to a group of investigators at Check Point, the most used media player applications have a severe vulnerability which lets the hackers capture any device. The device may be your PC, a smart TV, or a phone. The hackers insert malicious codes in the subtitle files. The investigators have found malicious subtitles which can be formed and produced to millions of devices. They can easily bypass the security applications and obtain the complete authority of the victim’s device. The hackers acquire all the personal information of the victim’s device.
More than 220 million users have downloaded the following four vulnerable media players:
VLC media player– Most downloaded VideoLAN media player
Kodi (XBMC)– Open-Source Media application
Popcorn Time– Software for watching movies and TV shows
Stremio– Video Streaming app for videos, movies, TV shows and TV channels
The vulnerability remains in the means of subtitle files, if run unfortunately in your device could completely hack your device. It is a risky part of media player, which can hack the device of more than hundreds and millions of users.
The vulnerability occurs in the way various media players process subtitle files if exploited successfully, could put hundreds of millions of users at risk of getting hacked. Before, showing the subtitles to the users, the media player resolves malicious subtitle files. At that time, the hackers obtain full control over the victim’s device.
The investigators have also recorded a video as an example. In the video, you can see Popcorn Time media player as an example to hack any Windows PC. You can watch the video for the full explanation of how the hackers obtain full access to a Pc from subtitle file. According to CheckPoint researchers, they have shown that by shaping the website’s ranking algorithm, they could ensure that planned malicious subtitles can automatically download in the media player, which allows the hackers to capture full subtitle supply connection. The whole process achieved without the victim information.
Ways To Prevent From The Malicious Subtitle Files
Check Point has told that VLC, Kodi, Popcorn Time and Stremio applications are some of the media player infected by this malware. They said, “to provide the developers more time for discussing the vulnerabilities of media player, they have determined not to announce any additional article for now.”
New versions are developed for the infected media player. The new version for Stremio and VLC are Stremio 4.0 and VLC 2.2.5, respectively. The patch for Kodi will come within a week, said by Martijn Kaijser. Popcorn Time also has a new version which you can download now. You can get the latest version of the media players from the internet.