Stremio flaw exposes millions of users
Stremio, a popular add-on streaming app, had a DLL-planting vulnerability, potentially exposing millions of the app’s users to arbitrary code execution attacks.
Millions of streaming lovers might’ve had their data exposed, security researchers at CyFox claim. A DLL (dynamic link library) planting bug in Stremio could’ve allowed attackers to gain unauthorized access to service users who had Stremio for Windows 4.4 installed.
Stremio is software that allows users to organize movies, TV shows, and other video content from different media sources such as Netflix or Amazon Prime Video.
“DLL hijacking allows attackers to execute arbitrary code with the privileges of the targeted application or escalate their privileges on the system. The vulnerability can lead to remote code execution, privilege escalation, information theft, and system compromise. Attackers could exploit the vulnerability to gain unauthorized access, steal sensitive data, and potentially compromise the entire system or network,” researchers said.
DLL files are essential to machines running on Windows operating systems, as they can be linked and shared by multiple programs. The files allow the software to access system resources such as device drivers, networking, and graphics. Researchers have found that attackers could plant malicious DLLs in Stremio’s app directory.
By exploiting the DLL hijacking vulnerability in the app, attackers could carry out remote code execution (RCE) attacks, installing malware and stealing user data. Researchers believe that Stremio users could also be susceptible to privilege escalation attacks that allow threat actors to bypass security controls and gain admin access to the system.
Additionally, the bug paves the way for information theft attacks by intercepting and manipulating data passing through the hijacked DLL. Lastly, attackers could use the malicious DLL to execute lateral movement through systems to establish backdoors for later use.
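For defenders who want to check an application directory for the kind of exposure described above, the following PowerShell audit is an added example, not code from CyFox or Stremio. The `$AppDir` parameter is a placeholder, since the article does not give the install path or the names of the affected DLLs.

```powershell
# Added example: audit an application directory for DLL-planting exposure.
# $AppDir is a placeholder supplied by the person running the audit.
param(
    [Parameter(Mandatory)][string]$AppDir
)

$system32 = Join-Path $env:WINDIR 'System32'

# 1. Can broad, non-administrative groups create files in the directory?
#    Planting a DLL requires the CreateFiles right on the folder.
#    (ACEs expressed as generic rights are not decoded by this simple check.)
$broadGroups = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles

$writableBy = (Get-Acl -LiteralPath $AppDir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broadGroups -contains $_.IdentityReference.Value -and
    (([int]$_.FileSystemRights -band $createFiles) -ne 0)
}

if ($writableBy) {
    Write-Warning "Non-admin principals can create files in ${AppDir}:"
    $writableBy | Select-Object IdentityReference, FileSystemRights | Format-Table
}

# 2. List DLLs sitting next to the executable that either share a name with
#    a System32 DLL (and would be found first by the loader's search of the
#    application directory) or do not carry a valid Authenticode signature.
Get-ChildItem -LiteralPath $AppDir -Filter *.dll -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Path             = $_.FullName
        ShadowsSystemDll = Test-Path -LiteralPath (Join-Path $system32 $_.Name)
        Signature        = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        LastWriteTime    = $_.LastWriteTime
    }
} | Where-Object { $_.ShadowsSystemDll -or $_.Signature -ne 'Valid' } |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

Flagged files are leads for review rather than verdicts, because many applications legitimately bundle unsigned DLLs. A directory that ordinary users can write to is the finding that matters most.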
Meanwhile, Stremio published a blog post, claiming the company did not consider CyFox's report valid and decided not to respond to researchers.
“This is not a security issue, and we can assure all of our users that they are fully safe using our software today, and in the future,” Stremio said in a blog post.