Decided to dip my toes in so I followed the guide to a website where I can download some content via google drive. Like an idiot, I didn’t research the risks of direct downloads before and so I’m now a bit paranoid. I understand the chances are low and my media player needs to be exploited but is there a way to be certain? A post on reddit said to use mkvtoolnix to check all the elements but I honestly don’t know what to look for. Any help?
It’s feasible and has been used in various 0day exploits in the last few years. It’s getting significantly rarer nowadays but media player exploits leading to RCE has been a staple of malware distribution for a long while.
It’s just much easier to make a malicious word macro and hope the user isn’t careful than to research/identify an exploitable bug in a media player.