Malware might attack movie lovers from subtitle files

Movie streaming via torrent-like services [1] is an unethical, copyright-infringing and quite risky activity in itself, and it has just become even more dangerous, as subtitle files with embedded malicious scripts have been spotted circulating on the web. According to the investigation carried out by Israel-based security researchers at Check Point, this vulnerability allowed the attackers to gain full access to the victims’ computers and control them remotely [2]. The unsuspecting users simply had to download the corrupted subtitle file and launch it in a subtitle-supporting video player. In particular, the vulnerability has affected the popular Kodi, PopcornTime, services and even hit legitimate video playback software such as VLC.

While PopcornTime and PopcornTime were quick to release security patches to fix this issue, the remaining streaming services are still a ticking bomb. According to the Check Point researchers, there are currently around 200 million programs that probably carry this vulnerability and may easily put countless devices in danger. Such a situation should encourage users to switch to legal ways of enjoying movies, or at least to wait until software vendors sort this issue out by updating their products.

You can’t control the hackers once they gain access to your PC. In fact, you may not even suspect that your device has been hijacked, as the criminals tend to work stealthily and cover up their tracks. While the backdoor is on the computer, the criminals may steal your information and install malware and other components that will carry out malicious activities on your PC even after the infectious subtitle file is eliminated from the system.

Image showing hackers distributing malware via subtitles

The hackers have created a new niche for malware distribution, and looking at its relatively simple execution, we are quite certain that this technique will only grow and become more complex in the future. Currently, the hackers simply need to upload an obfuscated subtitle file to some subtitle repository. From there, it will be able to travel to all services that use that particular repository to present users with subtitled movies. Of course, the hackers have to put some effort into manipulating the subtitle platform’s popularity indexes so that the video streamers or players download the rogue files first instead of the legitimate ones. Unfortunately, security utilities will not be able to protect you from such malicious downloads. This means that if you choose to stream videos online, you will have to accept the risk. We can only suggest making sure your favorite software has this vulnerability patched up or simply refraining from downloading subtitles entirely.
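As an added illustration (not code from Check Point or from any player vendor), here is a pre-load check that a cautious user or a player integrator could run on a downloaded subtitle file: it accepts only the plain index/timing/text structure and flags unexpected markup or active content. The SubRip (.srt) format, the size limits and the tag allowlist are assumptions made for this example.

```python
import re

# Assumptions: SubRip (.srt) input; the limits and tag allowlist are illustrative.
TIMING = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}$")
OPEN_TAG = re.compile(r"<\s*([a-zA-Z][\w-]*)([^>]*)>")
ACTIVE = re.compile(r"\bon\w+\s*=|javascript:", re.I)
ALLOWED_TAGS = {"i", "b", "u", "font"}  # formatting tags commonly seen in .srt
MAX_BYTES = 1_000_000                   # subtitle tracks are small text files
MAX_LINE = 500                          # a cue line is a sentence, not a blob


def check_srt(data: bytes) -> list[str]:
    """Return findings for one subtitle file; an empty list means none."""
    findings = []
    if len(data) > MAX_BYTES:
        findings.append("file larger than expected for a subtitle track")
    if b"\x00" in data:
        findings.append("NUL byte: not plain text")
    text = data.decode("utf-8", errors="replace").lstrip("\ufeff")
    blocks = re.split(r"\n\s*\n", text.replace("\r\n", "\n").strip())
    for n, block in enumerate(blocks, 1):
        lines = block.split("\n")
        if len(lines) < 2 or not lines[0].strip().isdigit():
            findings.append(f"cue {n}: missing numeric index")
            continue
        if not TIMING.match(lines[1].strip()):
            findings.append(f"cue {n}: malformed timing line")
        for line in lines[2:]:
            if len(line) > MAX_LINE:
                findings.append(f"cue {n}: overlong text line")
            for name, attrs in OPEN_TAG.findall(line):
                tag = name.lower()
                if tag not in ALLOWED_TAGS:
                    findings.append(f"cue {n}: unexpected tag <{tag}>")
                elif ACTIVE.search(attrs):
                    findings.append(f"cue {n}: active content in <{tag}>")
    return findings


# Constructed samples, not taken from any real subtitle file.
CLEAN = b"1\r\n00:00:01,000 --> 00:00:03,500\r\n<i>Hello there.</i>\r\n"
ROGUE = (b"1\n00:00:01,000 --> 00:00:03,500\n<script>void 0</script>\n\n"
         b"2\n00:00:04,000 -> 00:00:05,000\n"
         b"Hi <font onclick=\"x()\">there</font>\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("rogue", ROGUE)):
        print(label, check_srt(sample))
```

An empty result only means the file has the expected shape; it does not show that a particular player parses it safely, so running a patched player version is still required.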

About the author
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
