Skip to Content
Security & privacy

Cyberattack: Hackers can gain control of your PC using subtitles

Are you a movie fan? Streaming content voraciously through Netflix, Amazon Video or Vudu may be your thing but chances are, you are also familiar with a bunch of third-party media players. Piracy concerns aside, not only do these players support a wide variety of formats, they are also versatile and are great for viewing local media libraries.

If you routinely use one of these popular media players – VLC, Kodi, Popcorn Time and Stremio – please be cautious when you download and install subtitle files from the web. According to Check Point researchers, hackers have found a way to exploit vulnerabilities in these media players and take over computers using booby-trapped subtitles.

By inserting malicious code within these specially-crafted subtitles, attackers can remotely control a computer as soon as the media player loads the booby-trapped file. Since the code is embedded within the subtitle file and runs through the media player, hackers can bypass antivirus and security software.

Scarier still, as shown in the video below, victims may not even know that their computers are already compromised.

In the demonstration video, Windows computers running Popcorn Time and Kodi are attacked. As soon as the booby-trapped subtitle file is loaded for the particular movie, the exploit runs in the background, allowing the attacker to remotely view and control the victim’s computer discreetly.

Click here to watch the video on YouTube.

Movie subtitles come in a wide variety of formats and can be downloaded or loaded in a media player freely from the web using sites like The problem is that since these sites are also publicly sourced, anyone can simply create a user profile and upload their own files. The attackers then manipulate these sites ranking systems to have their poisoned subtitles appear on top of the search results.

This means that with media players like Kodi that automatically select and load the top ranked subtitle file for any particular movie, the exploit can be run without user interaction at all.

Note: Streaming copyrighted content via Kodi and other media players may be illegal. Click here to learn why.

Check Point stated that they have already informed the makers of VLC, Kodi, Stremio and Popcorn Time before going public with the vulnerabilities on Tuesday. So far, VLC and Stremio have already patched their players while the makers of Kodi and Popcorn Time released their own fixes as well. Additionally, the researchers also warned that similar but yet to be found vulnerabilities could exist in other media players.

Protect yourself

To protect yourself, make sure to update your media players to the latest versions immediately. VLC was patched in version 2.2.5 released two weeks ago but more fixes are coming later this week.

Stremio should be updated automatically to versions 3.6.7 and 4.0 (beta). Kodi will be patched with version 17.2 but the fix is already available online. Likewise, Popcorn Time’s patch is now live.

Click here to read Check Point’s official blog.

More from

Ransomworm malware is coming, are you ready?

Huge mistake Windows users make that puts them at risk of hacks

If you get an email from this company in your inbox, DELETE it! App background

Check out the free App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the App, available in the Apple Store and Google Play Store.

Download Now