If you are one of the millions of media lovers that grab subtitles to movies and series online, it may be time to put a check on that habit, at least in the short term.

New report from the researchers at Check Point have have demonstrated how attackers infect subtitles with malicious code that can be used to exploit known loopholes in many popular media players, allowing the hacker to take control of your computer, tablets or smartphones. This attack vector affects a wide range of popular media consumption software ike Stremio, Popcorn Time, Kodi and VLC. The research shows that there are over 200 million people consuming media on the software that feature vulnerabilities that can be targeted with the attack vector. This firmly puts the “subtitle attack” as one of the most widespread in modern day.

A demonstration that shows how the execution of the attack takes place in Popcorn Time and Kodi can be watched in this video link.

This attack vector is powerful because most users and the affected media players treat the subtitle sources as clean and trustworthy. Similarly, anti-virus software used by most people treat subtitle files as non harmful text files and do not assess their nature carefully. Additionally, there are over 25 formats for subtitles, with varying features and capabilities. This gives room for wide range of vulnerabilities.

The researchers at Check Point has notified media clients of the vulnerabilities. Some of them have taken steps to eliminate the threats but industry watchers believe that many of these are still unpatched. This is why there has been some secrecy on the part of media companies and the research company Check Point on the current state of things.

So What Should You Do?

Cybersecurity experts suggest staying away from content on the subtitle repositories, especially the more popular names. Additionally, update your anti-virus program as a good number of them have released patches that are targeted at the attack vectors. A more risky approach, is to use less popular media players that are less likely to be the target of such attacks for viewing media with such subtitles. There are a good number of options available today. Attackers will not target them as their end game is highly dependent on probabilities. A media player that is used by tens of millions will be more likely to be attacked than one that is used by a tens of thousands.