Hackers Can Install Malware in Your Movie Subtitles

If you want to use a basic media player to play a foreign film that doesn’t come with subtitles, you may want to think twice before downloading a subtitle file online. Researchers recently discovered that hackers can take advantage of software flaws in some of the most popular media players for PCs and Android devices. Four of the most popular media players can be manipulated in such a way that hackers can insert malicious code into subtitle files. Hackers can then use this malicious code to gain access to Android devices, PCs, and smart TVs. If you use a media player on your smartphone to watch movies, click here to scan your device for hidden malware:

Read More: What is the Future of Ransomware on Android?

The four media players that contained software vulnerabilities are Stremio, Popcorn Time, Kodi, and VLC. These media players have been downloaded more than 200 million times, giving hackers plenty of opportunities to compromise various devices. Researchers believe that these software flaws extend beyond the four media players studied.

The subtitle files that seem to be the most affected are those that are uploaded to popular subtitle websites such as SubDB and OpenSubtitles. From there, hackers can ensure that their malicious subtitle files are downloaded by altering the website’s ranking algorithm. That way, the media player will instantly download the subtitle files.

The researchers have reached out to the creators of the media players, informing them of the system vulnerabilities. All four of the media players have issued software updates that come with crucial patches for the vulnerabilities. So, if you use one of the above-mentioned media players — or another popular media player for that matter — then make sure that your app is up to date in order to be protected against security threats. To further secure your device, make sure all of your devices are up to date and that you’re regularly scanning them for malware.