Last updated: December 31, 2022
This is news that has gone unnoticed, but it remains relevant. Did you know that it is possible to inject malicious code into subtitles movies or series that you download with confidence?
Check Point, a company specializing in the design and sale of firewalls recently investigated a new form of computer attack affecting various popular video players, including VLC, PopCornTime, Kodi or even Stremio.
Indeed, some pirates use subtitles in zip files for take control of computers remotely.
In fact, no hacking has been carried out on a large scale, but it is quite possible.
As explained CheckPoint, by integrating a "payload" into these famous SRT subtitle files (which are only TXT files with time codes), it is in theory possible to take control of a PC when the user is going to use this file in VLC Media Player, Popcorn Time or Kodi using security software like Metasploit.
These infected subtitles can be found on well-known sites like opensubtitles.org. And they can be automatically downloaded by your media player if their algorithm is changed slightly. So you don't have to do anything for your computer to be hacked.
And since a little video is better than a long speech:
To counter this flaw, it suffices to download the latest versions of your media players favorite. The editors of the main video players seem to have fixed the flaw revealed by CheckPoint.