With more popularity comes the need for better online security. Popcorn Time found that out when a cybersecurity researcher injected malicious code into the piracy software, potentially putting thousands of users at risk.
Antonios Chariton, a Greek cybersecurity researcher, told TorrentFreak he discovered a number of serious flaws in PopcornTime.io, perhaps the most popular version of the piracy software. Popcorn Time is a loosely affiliated network of sites that makes it possible for users to download movie torrents directly to their computers via a bright, clean interface that looks more like a legitimate streamer than the virus-infused Pirate Bay.
Or so it seemed, until Chariton manipulated Popcorn Time's software by exploiting its use of HTTP and Node.js to create an XSS security vulnerability.
It's not clear how many, if any, other Popcorn Time versions include the vulnerability.
“This attack requires that the attacker is either inside the local network, inside the host machine, or has poisoned the [Domain Name System] servers,” Popcorn Time administrators told TorrentFreak. “In any case, there are far more valuable attacks than simply hitting Popcorn Time. Especially because it does not run with elevated privileges and won't let the attacker install new programs, for example.”