Kid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 3 months agoFake ‘One Battle After Another’ torrent hides malware in subtitleswww.bleepingcomputer.comexternal-linkmessage-square5linkfedilinkarrow-up111arrow-down10cross-posted to: piracy@lemmy.dbzer0.com
arrow-up111arrow-down1external-linkFake ‘One Battle After Another’ torrent hides malware in subtitleswww.bleepingcomputer.comKid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 3 months agomessage-square5linkfedilinkcross-posted to: piracy@lemmy.dbzer0.com
minus-squareRekall Incorporated@piefed.sociallinkfedilinkEnglisharrow-up3·3 months agoTechnically speaking it is hidden in a SRT subtitle file, but it’s not the like you can execute the SRT file, since it’s just text. If you are downloading pirates movies, it makes sense to not click on on random stuff in the torrent/download that’s clearly not a media file.
minus-squareaaaa@piefed.worldlinkfedilinkEnglisharrow-up4·3 months agoThe whole exploit is based on the user clicking on a .lnk shortcut, which then executes commands found in the subtitle text file. Which seems strangely over complicated. How does it really help to involve the subtitles file at all?
minus-squareWhatAmLemmy@lemmy.worldlinkfedilinkEnglisharrow-up1·3 months agoHiding executable code in the srt file likely evades various security software.
minus-squarearti@friendica.worldlinkfedilinkarrow-up1·3 months ago@aaaa if a sufficient amount of vics does exactly that it may work out (like bit error domains, or: artefact of speering vic)
Technically speaking it is hidden in a SRT subtitle file, but it’s not the like you can execute the SRT file, since it’s just text.
If you are downloading pirates movies, it makes sense to not click on on random stuff in the torrent/download that’s clearly not a media file.
The whole exploit is based on the user clicking on a .lnk shortcut, which then executes commands found in the subtitle text file.
Which seems strangely over complicated. How does it really help to involve the subtitles file at all?
Hiding executable code in the srt file likely evades various security software.
@aaaa if a sufficient amount of vics does exactly that it may work out (like bit error domains, or: artefact of speering vic)