Subtitle Files Are The Perfect Place For Malware To Lurk

By Edwin Kee
Hacking
Users can also bolster their security by using security suite - anti-virus, anti-malware, and firewall - and making sure that the tools are updated. No need to worry that money is needed for such protection as free solutions are readily available on the web. Some of the more prominent brands to take note of are Avast, AVG, Comodo and Malwarebytes Anti-Malware. Pixabay

The recent WannaCry outrage has more or less subsided, with the world being on the alert while many who have not given two hoots about their digital security before would most probably have done their bit to ensure that their Windows-powered computers are updated and protected, with some even making the jump to Windows 10. Well, there are still a myriad of ways in which hackers and those who have malicious intent to break through whatever digital defenses that have been put up and take partial or total control of your machine. A chain is only as strong as its weakest link, and the same applies when it comes to best computing practices. With many people actually accessing items online thanks to the proliferation of fast and affordable Internet connectivity, it also goes without saying that the entertainment aspect has also taken the digital route. With the world being a global village and the widening of the global knowledge base expanding at a very rapid pace, foreign films have also gained a large following among the English-speaking world. However, subtitle hunting can be rather tricky, since there are many sites that claim to provide subtitles -- but at a cost, with malware sneaking into the computer along the way. Hackers have decided to make use of subtitles as the latest way that they can hide malware and install such malicious programming on machines everywhere.

This particular exploit is extremely impressive, as hackers gain the ability to control a computer’s desktop via malware that is spread by fake movie subtitles. It will not only dump the malware onto the desktop, it will also provide the necessary notification to the attacker, while making sure that users of video players such as Popcorn Time and VLC will be affected. Apparently, malformed subtitle files provide a door for hackers to embed malicious code into subtitle files, and these tend to be downloaded whenever one deals with popular or pirated movies and TV shows. Since such subtitle files tend to be 100% trusted by video players as well as users, it is the perfect platform for hackers to create an entry point before proceeding with their attacks.

According to Checkpoint, “Our research reveals a new possible attack vector, using a completely overlooked technique in which the cyberattack is delivered when movie subtitles are loaded by the user’s media player. These subtitles repositories are, in practice, treated as a trusted source by the user or media player; our research also reveals that those repositories can be manipulated and be made to award the attacker’s malicious subtitles a high score, which results in those specific subtitles being served to the user. This method requires little or no deliberate action on the part of the user, making it all the more dangerous. Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files.”

Users of Popcorn Time can always ensure that they remain safe from such attacks by downloading and installing the fix that is provided here. For VLC, Kodi, and Stremio users, you should not fret too much since a patch ought to arrive in due time, and the installation process would probably be immediate. Once again, it goes to show how all “free” stuff that you get online, especially media and software, might come with a hidden price tag that will end up too high a price to pay, especially when your personal data is compromised in addition to losing control of your computer’s functions.

At the end of the day, it is always best to go for legit and official solutions, including purchasing original movies with the type of subtitles that you are looking for.

  • ‘Wang Mingdao’s Diary’ reproduction highlights complexities of contemporary Chinese Christianity

    On December 9, the China Graduate School of Theology (中国神学研究院) hosted a public lecture titled “A Courageous Witness in the Times—Launch of Wang Mingdao (王明道)’s Diary.” The lecture, themed “Faith Patterns in Beijing’s Christian Churches Through the Lens of Wang Mingdao’s Diary,” featured Dr. Ni Buxiao (倪步晓), Associate Director and Assistant Professor at the Christian Faith and Chinese Culture Research Center of Alliance Bible Seminary (建道神学院), as the keynote speaker.

  • Floating library ‘Doulos Hope’ arrives in Taiwan; spreading love and hope from a former cruise ship

    Doulos Hope, the international floating book fair ship, has returned to Taiwan and is now docked at Kaohsiung Port, open to the public from December 18, 2024, to January 12, 2025. Originally built in 1991 and renovated in 2022, the ship features over 2,000 books on various topics, including faith, science, and art. It is operated by a diverse crew of 140 volunteers from 25 countries, offering services such as education, healthcare, and community outreach. The ship's mission is to spread hope and

  • Chinese Online School of Theology publishes annual ministry report: Expanding Chinese theological education through new strategies

    In the 2023-2024 academic year, New York-based Chinese Online School of Theology (COST) has seen significant development in expanding its ministry in theological education and mission outreach. They have promoted a series of new events and projects to explore different strategies that expand theological education for Chinese ministers. The following are some highlights from the 2023-2024 annual report:

  • Dr. Fenggang Yang: How foreign forces transformed traditional Chinese legal systems

    In a recent lecture to Chinese Christians, scholar Dr. Fenggang Yang (杨凤岗) gave an in-depth analysis of the historical evolution and contemporary significance of the modern legal system in Chinese society. He explored the tensions and integrations between traditional law and modern rule of law, highlighting the distinctive characteristics of China’s traditional legal system and emphasizing the role of foreign influences in introducing modern legal practices into Chinese society.

Top Stories