Malware Has a New Hiding Place: Subtitles


Hackers could take control of a computer by hiding malware in movie titles, according to a security software firm.

Checkpoint said malware could be embedded into the subtitle files, and most media players—including VLC, Kodi, Popcorn Time and Stremio—would trust the file, a TechCrunch report said. Such subtitles files are often used for pirated movies and TV shows.

“Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files,” a Checkpoint blog post on the discovery said. “This means users, anti-virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.”

Checkpoint said millions of people use media players, and while the four previously mentioned programs have been fixed, there could be security holes in others.