Research carried out by Check Point has led to the discovery of a new type of cyberattack that uses subtitles.
When movies or TV shows are illegally downloaded, they don’t usually come with subtitles. Instead of manually searching the internet for them, many users have turned to programs such as VLSub.
VLSub is an extension for VLC Player, one of the media players affected by the attack. VLSub searches databases such as OpenSubtitles.org to find the subtitles for your movie. The most common subtitle files have the extension .srt, which has been dubbed ‘perhaps the most basic of all subtitle formats.’ .srt files are essentially lines of plain text detailing the time at which each subtitle should appear and what the text should say. .srt is not alone, however; many varieties of subtitle file formats can be affected.
Hackers fill these files with malicious code which, when read by the media player, can have disastrous consequences, the worst of which enables the attacker to gain full access to the device. After gaining access, the hacker can launch an assortment of attacks against the PC, from ransomware and malware to acquiring personal information.
This is allowed to happen because media players treat subtitle files as trusted, and with over 100,000,000 downloads of VLC Player, attacks like this are not localised. Evidence also suggests that hackers have the means to boost their infected subtitle files to the top of the list, where the most popular and most downloaded files appear.
With news of these attacks spreading, the companies behind the affected media players took action, releasing new updates to protect users. The known affected media players are Kodi, VLC and Stremio, all of which have released new updates available from their websites. Popcorn Time is also a known victim and has released an update; however, it is not yet available from their website.
The full article by Check Point can be found here