Hidden Danger In The Film’s Subtitle

Hidden Danger In The Film’s Subtitle

We all know that danger lurks in every corner of the web. You don’t even have to go as deep as the dark web to come across scammers and criminals. Now, don’t get me started on the malware that has spread so quickly and crippled businesses and government organizations – the WannaCry ransomware. All these cyber crimes can make anyone worry about their activities on the web.

How mistaken are we to think that we know it all. The web holds so many mysteries that we won’t be able to unravel them all in our lifetime. Not only malware poses danger these days but viruses can also be found on film or video subtitles. The world is rapidly growing smaller and other cultures tend to be of interest to us. For instance, KPop and Kdrama are gaining a huge overseas fan-base and subtitles are crucial for the foreign audience to understand what the movie/show/song is all about.

Hackers can hide computer viruses in online video subtitles and use them to take control of computers, security experts have warned.

The attacks are embedded within the subtitle files that accompany many illegally downloaded films, and easily bypass security software and antivirus programs designed to keep computers safe.

Check Point, the security group that discovered the flaw, said millions of people who use video software including to stream or play films and TV shows on computers could be at risk. 

They warned that the attack lets hackers take “complete control” over any type of device using the software, including smart TVs. It identified four programs – VLC, Kodi, Popcorn Time and Stremio – but said there could be more.

(Via: http://www.telegraph.co.uk/technology/2017/05/25/hackers-hiding-computer-viruses-film-subtitles-experts-warn/)

If you want to steer free of these potentially damaging and costly mistakes, don’t just stream or download videos from shady websites. Only visit trusted sites. Remember that your PC’s existing antivirus software can not detect it, so it can likely wreak havoc on your device by the time you find out about it. You don’t want to lose data nor pay the ransom money in bitcoin but you are torn because you so desperately want your data back.

“We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerability reported in recent years,” the Check Point Research Team says.

The vulnerability’s reach is exacerbated by how users get most of their subtitles. Most of these files are hosted on subtitle repositories where anyone can upload a malicious file.

These portals rank subtitles based on popularity algorithms that an attacker can manipulate. By falsely improving the popularity of a malicious subtitle file, attackers can ensure that users download their file more often, or that streaming services such as Strem.io or PopcornTime pull the malicious subtitle before legitimate files.

Users are advised to use one of the updated video players, or not load any subtitles until they’re sure they’ve updated to a safe version of their favorite player.

(Via: https://www.bleepingcomputer.com/news/security/malicious-movie-subtitles-can-give-hackers-full-control-over-your-pc/)

Cyber criminals are becoming more creative by the minute. Whatever security measures companies implement, they always find a way to get through it. Cyber criminals have probably been studying human behavior and trends on the web because the attacks they do affect thousands of people in one go. It is so unfortunate, though, considering that many people prefer streaming videos online – from music videos, tv shows, movies, and all sorts of videos found on the web.

Like with this subtitle thing, there are at least 25 subtitle formats that can be exploited by these hackers. Add to that the limited security they implement, its vulnerability is the perfect formula for the next cyber heist. Similar to most cybercrimes, the solution often lies to downloading the latest player version since media player companies already issued a fix for it. Let’s wait and see then what the next online scam will be.

Leave a Reply

Your email address will not be published. Required fields are marked *