Hackers hiding malware in subtitle files

Hackers hiding malware in subtitle files

PanARMENIAN.Net - An impressive new exploit gives hackers the ability to control your desktop through malware spread by fake movie subtitles. The exploit, which essentially dumps the malware onto your desktop and then notifies the attacker, affects users of video players like Popcorn Time and VLC, TechCrunch reports.

Checkpoint found that malformed subtitle files can give hackers the ability to embed code into subtitle files popular with pirated movies and TV. Because these subtitles are usually trusted by video players and users alike they were an oft-overlooked vector for hack attacks.

“Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous.

Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files.”

 Top stories
Gurgen Khachatryan claimed that the "illegalities have been taking place in 2020."
The care reaction is slated to launch globally on Facebook’s app and website sometime next week.
The Yesayan brothers had earlier offered AMD 22,1 billion for the shares they do not control.
Playrix Armenia is already on its way to becoming the largest gaming company in the region," said co-founder of Playrix.
Partner news