Some new malware has been discovered that exploits vulnerabilities in popular media players such as VLC, and Kodi TV.

Stremio and Popcorn-Time are also affected but you really shouldn’t be using those anyway.

So why subtitles? According to Checkpoint Security Technologies, which discovered the malware, subtitle files often appear as simple text files and as such users, anti-virus software and even system administrators don’t see them as dangerous.

Checkpoint also points out that because media players parse subtitles differently, the software is incredibly fragmented and as such present more vulnerabilities.

Mix that all together and you have a recipe for disaster.

Checkpoint says the danger with this sort of attack is that it requires little to no action on the part of the user.

Worse still, the researchers say that attackers can manipulate subtitle repositories to give their malicious translations a high score, and as such make users more prone to using them.

What’s the danger and what should I do?

Malicious subtitle files have the ability to open up a tunnel from your PC, Smart TV or smartphone to an attacker giving them full control of the device. You can see a proof of concept done by Checkpoint in the video below.

Checkpoint has not disclosed full details of the vulnerability as a number of media players are still in need of a patch.

The players that have received a patch include VLC (link will take you to the official VLC page and the program will automatically begin downloading) and Kodi. Both Stremio and Popcorn-Time have patches as well but we won’t be linking to those here for legal reasons.

For now, the best thing to do is download the patches for your media player and if your preferred player wasn’t listed here it’s worth keeping an eye out for any updates.

[Source – Checkpoint]