It looks like hackers have found a new way to spread malware: they are now hiding it in subtitle files. According to reports from Check Point Security, hackers can modify a subtitle file to create a new attack vector that can endanger computers, smartphones, TVs, and other devices running unprotected media players. After compromising a device, hackers can conduct remote code execution, steal data, or use the victim's device in a DDoS attack.

The researchers described this type of attack as a "completely overlooked technique". The majority of users download subtitle files from the internet. Hackers can upload a malicious subtitle file to a repository and modify the ranking to put that file at the top, which could increase the download counts and automatic downloads (by media players). The malicious subtitle files can even pass through filters deployed by antivirus software, because subtitle files aren't recognized as a threat in comparison to conventional attack vectors.

Check Point stated in a blog post: "The attack vector relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats. To begin with, there are over 25 subtitle formats in use, each with unique features and capabilities."

"Media players often need to parse together multiple subtitle formats to ensure coverage and provide a better user experience, with each media player using a different method. Like other, similar situations which involve fragmented software, this results in numerous distinct vulnerabilities."

These are the affected media players: VLC, XBMC Kodi, Popcorn Time, Stremio. All of these media players have millions of users. VLC is the most popular one; everyone has VLC media player installed on their computer. Researchers claimed that approximately 200 million devices running the affected media players are exposed to the attack.
If you are running VLC media player, you need to get the latest version, 2.2.5.1, which you can download from here. If you are using Stremio, get the fix from here. You can download the fix for Popcorn Time by visiting this link. Visit this link to get the fix for XBMC Kodi.

So, what do you think about this? Share your views in the comment box below.