Kid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 15 days agoFake ‘One Battle After Another’ torrent hides malware in subtitleswww.bleepingcomputer.comexternal-linkmessage-square5fedilinkarrow-up111cross-posted to: security@lemmy.mltechnology@lemmit.online
arrow-up111external-linkFake ‘One Battle After Another’ torrent hides malware in subtitleswww.bleepingcomputer.comKid@sh.itjust.worksM to Cybersecurity@sh.itjust.worksEnglish · 15 days agomessage-square5fedilinkcross-posted to: security@lemmy.mltechnology@lemmit.online
minus-squareRekall Incorporated@piefed.sociallinkfedilinkEnglisharrow-up3·15 days agoTechnically speaking it is hidden in a SRT subtitle file, but it’s not the like you can execute the SRT file, since it’s just text. If you are downloading pirates movies, it makes sense to not click on on random stuff in the torrent/download that’s clearly not a media file.
minus-squareaaaa@piefed.worldlinkfedilinkEnglisharrow-up4·15 days agoThe whole exploit is based on the user clicking on a .lnk shortcut, which then executes commands found in the subtitle text file. Which seems strangely over complicated. How does it really help to involve the subtitles file at all?
minus-squareWhatAmLemmy@lemmy.worldlinkfedilinkEnglisharrow-up1·15 days agoHiding executable code in the srt file likely evades various security software.
minus-squarearti@friendica.worldlinkfedilinkarrow-up1·8 days ago@aaaa if a sufficient amount of vics does exactly that it may work out (like bit error domains, or: artefact of speering vic)
Technically speaking it is hidden in a SRT subtitle file, but it’s not the like you can execute the SRT file, since it’s just text.
If you are downloading pirates movies, it makes sense to not click on on random stuff in the torrent/download that’s clearly not a media file.
The whole exploit is based on the user clicking on a .lnk shortcut, which then executes commands found in the subtitle text file.
Which seems strangely over complicated. How does it really help to involve the subtitles file at all?
Hiding executable code in the srt file likely evades various security software.
@aaaa if a sufficient amount of vics does exactly that it may work out (like bit error domains, or: artefact of speering vic)