Video is one of the most popular forms of online content, with millions of users watching videos on social media sites, streaming services, and other platforms. However, given its popularity, many people also wonder about how secure it is. Can hackers and other people with malicious intent infect video files with malware and viruses?
Video files can contain viruses and malware, primarily if the files use uncommon software or are downloaded from unknown or illegal sources. However, video files obtained from a legitimate source or via well-known streaming services rarely contain viruses.
This article explains how viruses are embedded in video files and how video files are used as bait to trick users into downloading malicious content. I’ll also discuss how to determine if your computer has a virus and how you can avoid downloading infected video files.
How Viruses Are Embedded in Video Files
A virus is a malicious program designed to replicate itself and spread to other hosts, and it’s the most common type of malware. There are several ways a person with malicious intent can embed viruses in video files.
Using steganography, a method of hiding code within an otherwise legitimate file, hackers can insert malicious code capable of evading most anti-virus and anti-malware software.
One possible use of steganography is to hide malware communication with a command and control (C2) server within a video or image file. Steganography can also be used to create a steganography-based botnet or stego-botnet.
A stego-botnet hides its C2 messages embedded within a media file, such as a video file.
Video files are large and can contain more embedded payload data than an image or audio file. These files can be sent via email, text messages, Facebook Messenger, Telegram, and other social media channels without being detected as malicious.
Stego-video files can exploit Telegram’s auto-download feature, which automatically downloads files less than 10 MB. To create a stego-botnet, the botmaster can send a video file with embedded attack information to a Telegram chatroom.
The video file will automatically download to any bots or users in the chatroom. Once the files are opened, the bots or users launch a denial of service (DoS) attack on a target specified in the stego-video. A hacker can also use stego-video files to harvest victim data.
Tainted Subtitle Files
A more unusual method of using a video file to exploit a victim is through malicious subtitle files.
Media players often trust subtitle files, loading them without any legitimacy check. The subtitle files then exploit a vulnerability in the media player, allowing the installation of malware on the victim’s machine.
How To Avoid Viruses in Video Files
In 2019, cybercriminals capitalized on the release of Star Wars: The Rise of Skywalker and tricked social media and illegal download site users into downloading files allegedly containing a leaked copy of the unreleased movie.
Unfortunately, the downloaded file instead contained malware.
Check the File Extension
To avoid this kind of deception, cybersecurity company Kaspersky recommends users pay attention to the file extension of a downloaded video and ensure it is indeed a video file and not .exe, the Windows executable file format.
Commonly used video file formats include:
Some video file formats are only supported by specific video player software. Cybercriminals leverage this information to trick users into downloading malware disguised as video player software.
They accomplish this by using a file that appears to have a legitimate video title or extension. When the victim attempts to play the “video” file, a pop-up message informs them the file cannot be played by their current media player software, often citing a codec issue.
The message prompts the user to download a tool or media player capable of playing the file. Of course, the tool or media player is a malicious file in disguise.
In some cases, the file contains a media player bundled with malware, which is installed on the victim’s machine while the video plays.
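The extension check recommended above can be automated and extended to the file's leading bytes, which also catches an executable that has been renamed to a video extension. This is an added example, not code from the article or from Kaspersky; the extension sets, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Video extensions whose signatures sniff() knows (assumed, non-exhaustive).
VIDEO_EXTS = {".mp4", ".m4v", ".avi", ".mkv", ".webm"}
# Extensions Windows will run or interpret (assumed, non-exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}

def sniff(header: bytes) -> str:
    """Classify a file by its leading bytes instead of its name."""
    if header[:2] == b"MZ":
        return "windows-executable"          # DOS/PE header used by .exe files
    if header[4:8] == b"ftyp":
        return "video"                       # MP4/M4V (ISO base media format)
    if header[:4] == b"\x1a\x45\xdf\xa3":
        return "video"                       # Matroska/WebM (EBML header)
    if header[:4] == b"RIFF" and header[8:12] == b"AVI ":
        return "video"                       # AVI inside a RIFF container
    return "unknown"

def check_download(filename: str, header: bytes) -> list[str]:
    """Return findings for a downloaded 'video'; an empty list means no mismatch."""
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    stem, ext = os.path.splitext(filename.lower().rstrip(". "))
    inner_ext = os.path.splitext(stem)[1]
    kind = sniff(header)
    if ext in EXEC_EXTS:
        findings.append(f"final extension {ext} is executable")
        if inner_ext in VIDEO_EXTS:
            findings.append(f"double extension: {inner_ext} hides {ext}")
    if kind == "windows-executable" and ext not in EXEC_EXTS:
        findings.append(f"content is {kind} but name ends in {ext or '(none)'}")
    if ext in VIDEO_EXTS and kind == "unknown":
        findings.append(f"{ext} file has no recognised video signature")
    return findings

def check_path(path: str) -> list[str]:
    """Read the first 16 bytes of a file on disk and run the same checks."""
    with open(path, "rb") as fh:
        return check_download(os.path.basename(path), fh.read(16))

# Constructed samples (not real files): file name plus leading bytes.
SAMPLES = {
    "holiday.mp4": b"\x00\x00\x00\x18ftypmp42",
    "leaked_movie.mp4.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "trailer.mkv": b"MZ\x90\x00\x03\x00\x00\x00",
}
if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, "->", check_download(name, head) or "ok")
```

An empty result only means the name and signature agree; it does not show that the file is free of hidden data or safe to open.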
Only Use Legitimate Video Player Software
To avoid downloading infected files or bundled files, only use legitimate video player programs and apps obtained from a reputable download site or app store.
Legitimate video player software and apps include:
Another way to avoid being duped by a fake video file or video player software is to enable the option to show file extensions in your operating system.
How to Tell if Your Computer Has Been Infected With a Virus
If your computer is infected with a virus via video files or other methods, you may notice it behaving irregularly.
Here’s how to tell if your computer has been infected with a virus:
- It is crashing, freezing, or is generally slow.
- Your internet connection suddenly seems slow.
- The sudden appearance of pop-up ads, messages, or system alerts.
- You notice programs opening, closing, or running with no user interaction.
- There appears to be unusual internet browser behavior.
- You see modified security settings or disabling of anti-virus software.
These symptoms indicate it is time to scan your computer for viruses and malware and take recommended actions to remove them from your system.
How To Avoid Infected Video Files
To avoid infected video files, do not download videos hosted on an illegal download platform or from an unknown source.
Other popular streaming services known to host legitimate video files include:
Videos hosted or embedded on blogs or social media sites such as YouTube, Facebook, TikTok, and Instagram are unlikely to contain malicious code. Social media sites typically compress the video file during upload, altering the file and nullifying any malicious code hidden within.
However, files shared directly between users in a social media messaging platform may contain malware. It is wise to exercise caution when opening shared video files, especially if they are sent to you from unknown sources.
Video files are a commonly shared file type. Their large size allows cybercriminals to hide payloads of malware-related information using methods like steganography.
Hackers use video file extensions to hide malicious files or executables. Threat actors can use video to bait victims into installing a video player program containing viruses.
To protect yourself from falling victim to infected video files, only download or stream videos from legitimate sources.
Use well-known video player software downloaded from a legitimate source. Only open video files sent by people you know. And disable automatic downloads and auto-play features where possible.
- Forbes: Video Advertising Trends Going Into 2021
- Votiro: How Hackers use Image Steganography to Hide Malware and What You can Do to Stop Them
- MDPI: A Novel Video Steganography-Based Botnet Communication Model in Telegram SNS Messenger
- Adobe: Choosing the right video format.
- Software Testing Help: Top 10 BEST Video Player For Windows 10 And Mac [2021 List]
- Kaspersky: The sky-rise of droppers: phishing and malware attacks surface amid premiere of famous space saga
- InZero: Malware and Video – The YouTube Connection
- Talos Intelligence: Threat Spotlight: Astaroth — Maze of obfuscation and evasion reveals dark stealer
- Stony Brook University: Symptoms of an Infected Computer