Why would you try to open a movie with .m2ts ??
So wait, literally all it took was putting command line commands on their own line in a subtitles file? Am I interpreting this right?
No/yes. In a text file, there are commands to run, and then they made a script to run those commands. They then make the script look like a “double click this to get it to work”. Nothing new.
oh, so it wasn’t a video player having an absurd exploit then
She said what now?

We get it, you
vapeuse arch
When the CD shortcut is executed, it launches Windows commands that extract and run a malicious PowerShell script embedded in the subtitle file between lines 100 and 103.
This PowerShell script will then extract numerous AES-encrypted data blocks from the subtitles file again to reconstruct five PowerShell scripts that are dropped to ‘C:\Users\<USER>\AppData\Local\Microsoft\Diagnostics’.
The extracted PowerShell scripts act as a malware dropper, performing the following actions on the host:
…
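Added example, not from the article or anyone in this thread: a small Python checker that walks the .srt cue structure (cue number, timestamp, dialogue, blank) and flags lines that break it or look like script, such as shell tokens or long base64-like blobs where encrypted blocks would sit. The sample subtitle file and its planted marker line are constructed for the example.

```python
import re
# Constructed sample .srt: a normal cue, one planted stray line, another cue.
# The stray line is a harmless marker of our own, not content from the article.
SAMPLE_SRT = """1
00:00:01,000 --> 00:00:03,000
Hello there.

powershell -NoProfile -Command "Write-Output planted"
2
00:00:04,000 --> 00:00:06,000
<i>Music</i>
"""

TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} --> \d{2}:\d{2}:\d{2},\d{3}")
SCRIPT_RE = re.compile(r"(?i)\b(powershell|cmd|invoke-expression|iex|frombase64string|encodedcommand)\b")
BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{60,}")  # long base64-like run, unlike dialogue

def classify(line):
    # Reason a line looks like script rather than dialogue, or None.
    if SCRIPT_RE.search(line):
        return "shell/PowerShell token"
    if BLOB_RE.search(line):
        return "long base64-like blob"
    return None

def suspicious_lines(srt_text):
    """Walk the SRT cue structure (index, timestamp, text..., blank) and
    return (line_number, reason) for every line that breaks it or looks like code."""
    findings, state = [], "index"
    for n, raw in enumerate(srt_text.splitlines(), start=1):
        line = raw.strip()
        if state == "index":
            if line.isdigit():
                state = "timestamp"
            elif line:  # only a cue number may appear here
                findings.append((n, (classify(line) or "stray text") + " outside a cue"))
        elif state == "timestamp":
            if TIMESTAMP_RE.match(line):
                state = "text"
            else:
                findings.append((n, "cue index not followed by a timestamp"))
                state = "index"
        elif not line:
            state = "index"
        else:
            reason = classify(line)
            if reason:
                findings.append((n, reason + " inside cue text"))
    return findings
```

Run over a directory of downloaded subtitles, any finding is worth a look before the archive's "double click this" helper is.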
Very interesting. Since I left Windows, this isn’t an issue for me, but I will be more aware that this can happen now.
There isn’t really anything new to learn here. It’s still the same old, don’t run an executable to watch a movie. That the code is partly hidden in the srt/jpg is just a minor implementation detail.
Kind of makes me want to install Clam AV just to watch for viruses I wouldn’t otherwise know about because I’m using Linux everywhere.
I did that for a while. It didn’t find any. I think because there weren’t any to find.
Very interesting approach