A staggering 200 million users of streaming platforms such as Popcorn Time, Kodi, Stremio and VLC are believed to be vulnerable, say researchers at Check Point. They describe it as 'one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years'.

The hack only affects subtitle files from third-party sites - watching a legitimate copy with its own subtitles should be fine.

But the attack can affect any device: a PC, smart TV or even a mobile device. It's delivered when movie subtitles are loaded by the user’s media player - which treats them as a trusted source. And the subtitle repositories can even be manipulated into giving the malicious subtitles a higher score, making them more likely to be served up to the user.