Hacked Movie Subtitles Gave Attackers Full Control Over Users’ Computers

By
Subtitles: Not only do they force you to look at words like you’re reading a book or something, but they can be dangerous too. Photo: Sebastian Kippe/CC.20

Pirating movies and TV has always been a bit dicey. Beyond its obvious illegality, you’re never really sure what you’re getting — fakes of popular movies and TV shows abound. And there’s always the threat of your ISP cracking down on you after it notices you’ve been downloading and seeding every episode of Adventure Time.

But a recent virus, revealed by researchers at Check Point, attacks users in a novel way: the subtitle tracks often attached to online streaming video. Using an exploit in popular movie players like VLC, Popcorn Time, Kodi, and Stremio, it allowed attackers to take over complete control of a user’s system, simply by loading in a subtitle track.

To gain this type of access, normally users would either need to download a malicious bit of code from the internet, or visit a compromised website. But the subtitle hack is a bit more ingenious. While even novice internet users may know better than to click on a random PDF sent to them or visit you-watch-free-movie-online-now.ru, subtitle tracks in video players are seen as largely harmless text files.

They’re also treated by users’ systems as such, with subtitle files often being kept in online repositories users only access when they are watching some Luc Besson French-language action flick and want to watch with subtitles in English. Since anyone can upload files to those repositories, malicious files can be uploaded for popular streaming titles, and then even have certain subtitle tracks artificially inflated in popularity so that users pick the infected file over the safe subtitle tracks. Once the subtitle track is installed, it’s game over. “The potential damage the attacker can inflict is endless,” writes Check Point, “ranging anywhere from stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more.”

“We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software,” writes Check Point, “making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years.”

VLC and Stremio have created fixed versions and released them, while Popcorn Time and Kodi have fixed versions but require users to go to specialized sites to download them. And, Check Point noted, it only tested the four most popular video players available — it’s possible this exploit exists across many other lesser-used players as well.

As tempting as it may be to stream movies for free, we’d recommend sticking to places like Netflix and Amazon Prime for now — this is a nasty hack, and one that can wreak serious damage to your PC if you’re unlucky enough to get snared.

Subtitle Virus Gave Hackers Full Control to Victims’ CPU