Hackers can hide computer viruses in online video subtitles and use them to take control of computers, security experts have warned.
The attacks are embedded within the subtitle files that accompany many illegally downloaded films, and easily bypass security software and antivirus programs designed to keep computers safe.
Check Point, the security group that discovered the flaw, said millions of people who use video software including to stream or play films and TV shows on computers could be at risk.
They warned that the attack lets hackers take "complete control" over any type of device using the software, including smart TVs. It identified four programs like VLC, Kodi, Popcorn Time and Stremio but said there could be more.
"We estimate there are approximately 200 million video players and streamers that currently run the vulnerable software, making this one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years," they said.
Many videos do not come with their own subtitles, but computer media players often automatically download special files from a central online repository. Because they are perceived as harmless text files and use a variety of different formats, the software does not check them for viruses.
However, Check Point showed it was possible to include debilitating computer viruses within the files that are activated as soon as subtitles are switched on. They were also able to manipulate the rankings on opensubtitles.org, the popular online database, so that video software would automatically download the virus-filled files.