hackers are getting more and more creative these days as a report from Android Authority reveals that popular media players are now being used to control Android devices. The media players in question are VLC, PopcornTime, Kodi and Stemio. The malware not only affects Android devices, but also smart TVs and desktop computers.
Fortunately, the media players already released security updates to fix the vulnerability, except for VLC on Android. According to Google Play Store, VLC was last updated in August 2016.
How does the virus work?
Due to the lax security these media players have, hackers are able to upload malicious subtitle files to the apps.
Once a user opened those harmful files, the hacker can immediately control the device. As it can be seen in the video below, the user is about to play a movie and enabled the subtitle file. The file then connects the computer to the hacker and after a few seconds, the hacker is given full control of the computer.
Another flaw of these media players, such as the VLC, is that it downloads subtitle files automatically. At the same time, hackers are capable of manipulating the online algorithm to make sure that their malicious subtitle files are chosen by the app.
If you are using VLC on your Android device, it’s highly recommended that you uninstall the app immediately and wait for the security update.
Meanwhile, you can use other alternatives that already released security updates such as Kodi and Stremio.
Other malicious software
Meanwhile, Chenxiong Qian, Wenke Lee and Pak Ho Chung, researchers from Georgia Institute of Technology, have discovered a new exploit for Android called Cloak & Dagger. Android devices that are running the 7.1.2 are affected by this malware.
The Cloak & Dagger malware allows hackers to use Android’s SYSTEM_ALERT_WINDOW and BIND_ACCESSIBLITY_SERVICE to implement interactive elements over the user’s screen. Those elements are disguised as legitimate apps for the device’s home screen.
The malware can control the device by click-jacking, stealthy phishing, keystroke recording and also capable of installing a God-mode app, which enables all permissions of the device.
In addition, the virus can also silently unlock the device and make harmful actions while the screen is turned off.
Google has already acknowledged this vulnerability and taken steps to prevent these types of attacks. The search giant already updated its Google Play Protect, the security service on all Android devices, to detect installation of these harmful apps. Furthermore, Google has built a new security protection to its upcoming new version, the Android O.