Security researchers have uncovered a new strategy employed by cybercriminals – hiding malware in downloadable subtitle files.
The infected movie subtitles are usually part of bootlegged films or televisions which typically circumvent a computer’s antivirus applications.
Downloading pirated movies or TV shows online are a common practice, putting millions of unknowing users at risk.
The team of security experts warns the public as this new approach of spreading malware would let hackers take complete control of any infected device.
Four video streaming programs were listed as potentials sources: VLC, Popcorn Time, Kodi, and Stremio. Experts added that this list could most possibly still expand.
Estimates pegged the number of such media players and streamers at about 200 million, potentially making it the most extensive and easily accessible medium of spreading computer viruses in recent memory.
Such intrusive viruses are capable of activating as soon as the subtitles are turned on.
Most of the illegally downloaded videos and shows do not have subtitles included, and since a majority of media players do not scan subtitle files because they are considered relatively harmless, they are an ideal avenue for cybercriminals to hack into a computer.
Security researchers were also able to confirm that such intrusive viruses are capable of activating as soon as the subtitles are turned on.
On top of this, cybercriminals were also able to hack into opensubtitles.org – a popular online subtitle source – and affect the website in a way that video players would instantly download the infected files.
This method of infecting personal computers could be more prolific than its predecessors because it requires little to no deliberate action on the part of the user.
Once cybercriminals get into a system, they can choose from a slew of cybercrimes: steal a victim’s identity or other personal information; install ransomware on the machine; start distributed denial of service attacks; among others.
While VLC, Popcorn Time, Kodi, and Stremio might be among the programs most affected by this type of attack, the companies have released patches to combat it. The latest versions of their software are readily available on their official websites.
Comprehensive multi-device protection for you and your family for up to 6 PCs, smartphones, or tablets. For more info click here.