Security

Hackers Can Install Malware in Your Movie Subtitles

If you want to use a basic media player to play a foreign film that doesn’t come with subtitles, you may want to think twice before downloading a subtitle file online. Researchers recently discovered that hackers can take advantage of software flaws in some of the most popular media players for PCs and Android devices. Four of the most popular media players can be manipulated in such a way that hackers can insert malicious code into subtitle files. Hackers can then use this malicious code to gain access to Android devices, PCs, and smart TVs. If you use a media player on your smartphone to watch movies, click here to scan your device for hidden malware:

As the media player is reading the subtitle files, the malicious code could be working its way into your device. By the time you’re enjoying that foreign film, a hacker could have complete access to your device — without you realizing it. This serves as an important reminder to regularly scan your device for malware, because malware doesn’t always reveal itself in an obvious way, such as through adware or ransomware. The Full Virus Scan will check your device and SD card for any security threats, and quickly remove any malware that is found.

The four media players that contained software vulnerabilities are Stremio, Popcorn Time, Kodi, and VLC. These media players have been downloaded more than 200 million times, giving hackers plenty of opportunities to compromise various devices. Researchers believe that these software flaws extend beyond the four media players studied.

The subtitle files that seem to be the most affected are those that are uploaded to popular subtitle websites such as SubDB and OpenSubtitles. From there, hackers can ensure that their malicious subtitle files are downloaded by altering the website’s ranking algorithm. That way, the media player will instantly download the subtitle files.

The researchers have reached out to the creators of the media players, informing them of the system vulnerabilities. All four of the media players have issued software updates that come with crucial patches for the vulnerabilities. So, if you use one of the above-mentioned media players — or another popular media player for that matter — then make sure that your app is up to date in order to be protected against security threats. To further secure your device, make sure all of your devices are up to date and that you’re regularly scanning them for malware.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.