Widely deployed streaming platform infected by multiple critical malware

March 6, 2020
streaming service video on demand critical malware antimalware sql injection

Critical malware used by hackers to hijack televisions are now attacking the popular IPTV middleware platform of more than a thousand of regional and international online media streaming services. This critical  malware execution flaw, if exploited, will grant attackers the power to seize control of the streaming service and content on display and will extract the subscribers’ database, including their financial details.


A Ukrainian IPTV (Internet Protocol Television), OTT (Over-the-Top) and VoD (Video-on Demand) content streaming provider named Infomer was found out to be the source of the security flaw.


Infomer is a Ukrainian manufacturing company with years of experience in manufacturing devices for interactive television services.

One of its popular product is the management platform known as Ministra, previously known as Stalker Portal. More than 1,000 video service providers worldwide used this impacted platform which connects to set-top boxes (STBs) in customer homes to deliver video on demand (VOD) content. The platform acts as a conduit between consumer STBs and television service providers which buy into the platform.

Ministra normally requires authentication from users to access this platform, but a major problem boomed into major security vulnerability which removed this protection. CheckPoint researchers made a malware check and found a logical vulnerability in an authentication function of the Ministra platform that fails to validate the request which allows a remote attacker to avoid authentication and perform SQL injection through a separate vulnerability. The researchers further explain that in this particular case, they used the authentication bypass to perform an SQL Injection on the server. With that knowledge, they escalated this issue to an Object Injection vulnerability, which in turn allowed them to execute arbitrary code on the server, potentially impacting not only the provider but also the provider’s clients.

After the researchers reported their findings to the company, Informer company has now conducted malware removal and contemplating to release a new version of Ministra which is the Ministra 5.4.1. Vendors of this platform are strongly recommended to update their system to the latest version as soon as possible. Customers are also advised to contact their TV streaming service provider to ensure that they have implemented the protection against this Ministra vulnerability.



About the author

Leave a Reply