Hackers are hiding viruses in Kodi, Popcorn Time and other pirated movie subtitles

Impact
BySusmita Baral

Security research firm Check Point revealed a new exploit on Tuesday that affects several media players. The vulnerability allows a hacker to infect your device and gain full control through through subtitles. The exploit, which puts 200 million users at risk, impacts video players and streamers like Popcorn Time, Kodi, Stremio and VLC.

Here's how it works: malformed subtitle files allow hackers to embed code into the subtitle files in popular pirated movies and TV shows. Subtitles are a non-suspecting source for hacks. When a user utilizes them, the malware is dumped on their desktop and the attacker is notified. Once they have control over a device — PC, smart TV or smartphone — the hacker can do whatever they want, from stealing information to installing ransomware.

Check Point explains in a blog post:

Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user's media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker's malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files.

Checkpoint notes that the vulnerability lies in the "poor state of security in the way various media players process subtitle files." Another contributing factor is the large number of subtitle formats: there are over 25 different types currently being used.

"The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities," Omri Herscovici, vulnerability research team leader at Check Point, said in an email to Newsweek. "This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited, making it a hugely attractive target for attackers."

Thus far, the firm has found vulnerabilities in four major platforms — Popcorn Time, Kodi, Stremio and VLC — and all four have released updates with a fix. People who frequent the four platforms should get the updates immediately.

But Checkpoint believes other platforms are also at risk. "We have reason to believe similar vulnerabilities exist in other media players as well," the firm wrote in a blog post.