Saturday, February 8, 2025
HomeCVE/vulnerability200 Million Downloaded video players including VLC Player are vulnerable to...

200 Million Downloaded video players including VLC Player are vulnerable to Malicious subtitles Attack -A Complete Takeover Attack

Published on

SIEM as a Service

Follow Us on Google News

A new Cyber Attack Spreading through Vulnerable Subtitles which Downloaded by  Victims Media Player and threatens more than 200 Millions of vulnerable Machine in worldwide which leads to  complete take over to the infected machine .

This cyber attack is delivered when movie subtitles are loaded by the user’s media player which is  delivering by tricks victims.

Attackers  used two Major Attack Vectors to spreading crafting malicious subtitle files into Victims Media Player.

  1. Attackers Forced victims to Visit Malicious Website to Download Subtitles
  2. Tricks victims   into running a malicious file on his computer.

Vulnerable  Media Players are wildly used Media players including VLC, Kodi, Popcorn Time and Stremio.

Currently this Malicious subtitles repositories are Treated as Trusted Source by the Vulnerable Media Players.

According  to Checkpoint Researchers, This method requires little or no deliberate action on the part of the user, making it all the more dangerous.

Also Researchers Said,Unlike traditional attack vectors, which security firms and users are widely aware of, movie subtitles are perceived as nothing more than benign text files. This means users, Anti-Virus software, and other security solutions vet them without trying to assess their real nature, leaving millions of users exposed to this risk.

 Attack Vector used for Spreading

Many websites are serving Subtitles to Download and import into Media Players which is the potential Attack method to easily spread this Malicious Subtitles links.

Checkpoint Researchers  Revealed ,manipulating the website’s ranking algorithm, we could guarantee crafted malicious subtitles would be those automatically downloaded by the media player, allowing a hacker to take complete control over the entire subtitle supply chain, without resorting to a Man in the Middle attack or requiring user interaction.

Image source:Checkpoint

Infect into IOT Devices

This Critical subtitles Attack may perform into PC, a smart TV, devices which infected by this Malicious Subtitles .

infected Media Players VLC has over 170 million downloads of its latest version alone, which was released June 5, 2016. Kodi (XBMC) has reached over 10 million unique users per day, and nearly 40 million unique users each month.

This Attack will leads to stealing sensitive information, installing ransomware, mass Denial of Service attacks, and much more. Checkpoint said.

Proof Of Concepts Video:

Here Checkpoint Submitted a Proof of Concepts for Complete take over  of the the Victims  Machine by the attacker via the infected media Players.

Once Malicious Subtitles loaded into the Victims Media Player ,then it will execute the Remote code and take over the entire Victims Machine.

This Attack  still under investigation by Checkpoint and They didn’t revead any technical Details.

Also Read:

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Microsoft Sysinternals 0-Day Vulnerability Enables DLL Injection Attacks on Windows

A critical zero-day vulnerability has been discovered in Microsoft Sysinternals tools, posing a serious security threat...

7-Zip 0-Day Flaw Added to CISA’s List of Actively Exploited Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical 0-day vulnerability...

Logsign Vulnerability Allows Remote Attackers to Bypass Authentication

A critical security vulnerability has been identified and disclosed in the Logsign Unified SecOps...