Windows, Linux Kodi Users Infected With Cryptomining Malware (zdnet.com)
An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET. According to a report that will be published later today and shared with ZDNet in advance, the company's malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users' computers.
ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.
Kodi is one I never heard of, guess it talks about being open source and runs on many OS platforms. Kodi is maintained by volunteers which I guess means they want sympathy when the stuff gets hit with malware? Their main page says nothing about the threat or how it will be addressed or fixed?
Do they sign their plugins, or is it a nobody's chaotic jungle?
Oh Noes, in maybe a few years, my Raspberry Pi will have mined a coin. How will I pay for the 0.25 in electricity?
And this is one of them. Hell is another... just to let you know. You want to live with Hitler? Then keep on doing what you are doing, heathens.
The word "today" is a little too broad, is it not?
How about this:
The fact that one of the mods was affected by this makes it even funnier. :)
Thanks for making my day, power-tripper! X^D
software must be only open source. No binary, anywhere. I don't care how you bootstrap the process. This has gone too far.
I do not know what my computer is doing anymore. "Oh you have to trust someone". Well, I can't.
Fuck modern software. Fuck it up its bloated ass.
turbo C compiler was a 100 kilobyte exe.
whatsapp for windows, a fucking messaging app, is 50+ MB
what the hell?!
Looking for people to chat about multicopters, coding, music. skype: gtsiros
Because he is a retarded spammer.
Never listen to Alexander Peter Kowalski's lies.
Like how he claims the Chinese copied him but can't produce any evidence.
How about when he states that hosts does port filtering but again can't back up his statement which was shown to be false.
There is also his list of "experts" who support him but it turns out they don't say what he is claiming.
This also ignores his out of context quotes he uses to lie by omission.
The problem with APK is that his entire reputation is built upon the lie he told years ago that hosts is an effective security solution. It has been exposed numerous times as being a lie and when exposed APK fails to argue logically and instead will try to deflect criticism, change the subject, move the goal posts, return to a previously disproved statement, demand you prove you did better than his file concatenator, or just call people names. Expect that he will use these tactics to try to deflect from these criticisms. He will continue to lie by stating that he won or "dusted" you while failing to refute anything you said, will never provide real evidence, and generally try to dodge the issue.
Face it, APK is one of the most detested individuals here for good reason. Whenever his poor behavior, awful logic, overstatements, and horrendous writing are called out he has a fit and has done so for years across the internet. He is a spammer, and is an abusive insecure little man who is washed up and never amounted to anything. Until he produces actual verifiable facts supporting his case nothing he says should be taken seriously.
LOL. Your logic is broken: fix it.
I don't know, but his program really is great. It protects my computer more than all of those other, now obsolete, things combined. No more ad blocking, no more firewalls, no more antivirus, no more worries!
Just in case though, if my computer does happen to get a virus or something while the APK hosts program is guarding it, what is the warranty from APK and how will he send me monetary reimbursement?
Closed source perhaps? Distributed as a binary executable? Trust issues?
See subject & 2 questions you won't answer: 1.) Do hosts stop threats served by hostname (the way threats are done most) by blocking them? Yes. 2.) Do hosts speed you up 2 ways in adblocking (preventing more infection/tracking/slowdown) & via hardcoded favorite sites resolving faster + protecting vs. dns down or redirect poisoned? Yes.
My hosts program's the only 1 that does the latter @ TOP of hosts cached in RAM (for best performance) & only 1 of its kind on Linux/BSD in easy to use flexible configuration GUI form.
(I also did that LONG before the Chinese & 1st http://theregister.co.uk/2017/... )
APK
P.S.-> Have you done work that's that effective doing more for less faster in kernelmode speed (cpu priority) w/ less complexity for exploit + excess overheads vs. solutions KNOWN to be security-issue riddled (like addons (souled-out to NOT work by default OR easily detected & blocked that are BYPASSABLE & EXPLOITABLE), DNS & Antivirus)? No... apk
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn/sn-045.htm/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
APK
P.S.=> You LOSE, liar... apk
Arstechnica = losers who stalked me (as you do now anonymously unidentifiably) to NTCompatible.com & Windows IT Pro magazine forums to their public dismay in Jeremy Reimer & Jay Little + Jarrett DeAngelis (who posts here on /. until I drove his ass off too) when their websites were REMOVED by their hosting providers in Shaw Canada & CrystalTech (for both email harassing me caught on a tracking ticket + stalking me & posting lies about me on them AFTER I destroyed them both PUBLICLY @ Windows IT Pro on Exchange Servers memory being freed UNHALTING them (which tells you Exchange is HEAVILY POINTER ORIENTED linked list driven, which leads to memory fragmentation that CAN halt a serverware)).
Jay Little the "self-proclaimed 'EXCHANGE EXPERT'" HAD TO CONCEDE IT from MICROSOFT'S OWN DOCUMENTATION proving it FOR me there (where they as usual stalked me AS YOU ARE NOW)
Peter Bright/Dr. Pizza (alias GOITERMAN, lol) can tell you what happened to his IRC server after that (lol).
"The great arseHOLEtechnica" (not) RUN OUT of their own server chatrooms hahaha (by "yours truly").
APK
P.S.=> In effete retaliation they edited my posts & impersonated me on their little playpen of UNDERACHIEVER losers... apk
Ask him WHY his false accusation of an old ware of mine was 1st taken down to NO threat & CA sold off the SHITTY antivir he sold (as a paid pawn of theirs) & they are GONE, done. dead... lol!
Lookup "CA Accounting Scandal" on Google - scumbags & THEIR BIRDS OF A FEATHER just go down vs. me everytime!
APK
P.S.=> He's nothing but a BLOATED FAT pig of a lying LOSER from podunk idaho... apk
"It's working: Neville... it's working!" See subject & results from THIS past month alone https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... https://it.slashdot.org/commen... that's only recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VISIBLE UNDENIABLE REALITY (see those links as proof).
P.S.=> ... & that's ONLY what /. reported on (there are FAR more) including this one here... apk
You have NO integrity & hide behind UNIDENTIFIABLE anonymous posts STALKING me telling lies. IF you had belief in your words, you'd stand behind them - you don't, you know they're lies.
* You're a piece of shit.
APK
P.S.=> TONS of Security experts KNOW blacklists work https://yro.slashdot.org/comme... (no questions asked) & 3 things show I do it right:
1st = User praise my hosts engine https://tech.slashdot.org/comm... (so much for ME being "detested" but I'm not here to win a popularity contest - just here to WIN so everyone does).
2nd "ATTACKS" I GET (from UNIDENTIFIABLE ac as Elon Musk got https://tech.slashdot.org/stor... )
3rd BEING IMITATED = "Imitation = sincerest form of flattery" https://linux.slashdot.org/com... JUST LIKE CHINA DID ME TOO... apk
SOURCE = https://www.welivesecurity.com...
* "It's working: Neville... it's working!"... I.M. LEGEND
APK
P.S.=> Just as it has in this partial list only (that /. reported on & there were MORE but they are TOO "SJW" bullshit oriented now) https://it.slashdot.org/commen... ... apk
See subject & APK Hosts File Engine 2.0++ 64-bit for Linux/BSD h t t p : / / a p k . i t - m a t e . c o . u k / A P K H o s t s F i l e E n g i n e F o r L i n u x . z i p
Yields more security/speed/reliability/anonymity vs. any 1 solution (99% of threats use hostnames vs. IP address most firewalls use) more efficiently/FASTER + NATIVELY 4 less!
Vs. "Bolt on 'MoAr' illogic-logic" slowing you hosts speed u up 2 ways: Adblocks + Hardcode fav. sites u spend most time @ vs. competition loaded w/ security bugs (DNS/AntiVir) + overheads slowing u (messagepass 'souled-out' to advertisers easily detected & blocked addons + firewall filtering drivers) & their complexity leads to exploitation!
* ONLY 1 of its kind in GUI 4 Linux/BSD!
(Better vs. Windows model in speed/efficiency/merge)
APK
P.S.=> Protects vs. script trackers/ads/DNS request tracking + redirect poisoned or downed DNS/botnets/malware downloads/malcript/email malicious payloads... apk
Your software is just fine - well written, functional... I'm going to continue using the Host File Engine by mmell February 17, 2017
Your premise that hostfiles are a good way to deal with advertising and malvertising is quite valid - by JazzLad April 20, 2016
his hosts program is actually pretty good by xenotransplant August 10 2015
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg September 25 2015
I like your host file system by Karmashock September 09 2015
that APK guy, I use his host file by rogoshen1 Tuesday March 03, 2015
I personally use a HOSTS file blocker produced from a genius called APK by 110010001000 October 27 2017
* Linux model = faster/more efficient
APK
P.S.=> APK Hosts File Engine 9.0++ SR-1 32/64-bit for Windows https://www.google.com/search?s...
Here's 30 reviews by registered /.ers on quality/efficacy of Win32/64 model (Linux one's faster too) https://tech.slashdot.org/comments.pl?sid=12478398&cid=57130680/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137806/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137868/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137916/ https://tech.slashdot.org/comments.pl?sid=12478398&cid=57137944/
* Want more? Ask & "ye shall receive" (like 100,000++ users of my program WORLDWIDE...)
I'm not here to win some "highschool popularity contest" - I'm here to WIN so everyone online does vs. threats.
Your kind (lowest of the LOW do-NOTHING "ne'er-do-well" chatterboxes) does nothing but LOSE & you know it (by comparison).
APK
P.S.=> Truth is, you MUST detest yourself since you HIDE behind UNIDENTIFIABLE anonymous posts STALKING me constantly you loser... apk
Enjoy your downmod c6gunner - you were caught IMPERSONATING me twisting /.ers words already as you have now https://linux.slashdot.org/com...
you TOTAL little JEALOUS "Jowie" do-NOTHING "ne'er-do-well" CHATTERBOX online behind a FAKE NAME loser.
APK
P.S.=> You're a PUNK & a pussy c6gunner - nothing more & you KNOW it (now so does everyone) in you PUBLICLY proving it yet again... apk
I offer no warranties on freeware & for the best reason of all: I can't protect against USER STUPIDITY, period. There's no defense vs. it.
* HOWEVER:
Antivirus (see Tavis Ormandy) is FULL of security issue vulnerabilities & uses more resources + slows you down & have overheads in filtering drivers (added on over the IP stack, hosts are a NATIVE part of it, no filter driver needed).
DNS is KAMINSKY redirect poisoning vulnerable (99% of ISP dns servers aren't patched vs. it) + tracks you & goes down (hence the Chinese copying my method & my hosts program's the only 1 that does hardcodes protecting you there AND SPEEDING YOU UP vs. slower DNS resolutions on the latter part of DNS points http://theregister.co.uk/2017/... )
Browser addons do less, use more & are SLOWER in usermode (vs. hosts + the IP stack it's a filter for & diskcache subsystems being in PURE faster kernelmode) don't work by default (adblock) being 'souled-out' to advertisers.
APK
See my subject & you can TRUST my program works vs. threats e.g. & results from THIS past month alone https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... https://it.slashdot.org/commen... that's only recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VISIBLE UNDENIABLE REALITY (see those links as proof) & that's ONLY what /. reported on (there are FAR more)
APK
P.S.=> I won't open my source to be copied OR turned into a malicious copy (see EFast Chrome) which I was threatened here on /. IF I did + the code WAS audited by Malwarebytes' hpHosts employee Steven Burn (who both HOSTS & RECOMMENDS my work http://forum.hosts-file.net/vi... ) - this can all be verified by emailing him at - services@it-mate.co.uk & my code IS SAFE ... apk
Says UNIDENTIFIABLE anonymous troll JEALOUS "Lil' Jowie" the do-NOTHING "ne'er-do-well" vs. results working https://it.slashdot.org/commen... & https://it.slashdot.org/commen... + https://it.slashdot.org/commen... + https://it.slashdot.org/commen... https://it.slashdot.org/commen...
That ONLY from this past month alone & recently while I've been on Linux (few months now only) & 100's of times vs. MANY other botnets/malwares etc. in the past circa 2006-early 2018 while I was on Windows: CONCRETE VISIBLE UNDENIABLE REALITY (see those links as proof) & that's ONLY what /. reported on (there are FAR more).
* All YOU & "your kind" does is STALK me OR IMPERSONATE me but you do ZERO of value (because you KNOW you're a ZERO in life).
APK
P.S.=> You KNOW what you are - see my subject & 1st line above (it's you) - now, everyone else does too... apk
"classic Windows hosts trick to block the Coinhive or Crypto-Loot domains" - https://www.bleepingcomputer.com/news/security/a-new-player-joins-coinhive-on-the-browser-cryptojacking-scene/ - BLEEPING COMPUTER
SANS ("A related approach to the DNS issue is to create a hosts file on each system that sends requests for spyware to some place else. Both Ramu and an anonymous reader have suggested this" hosts by myself & RAMU right @ START of "malware explosion" mid 2005 on) https://isc.sans.edu/forums/di...
Aryeh Goretsky/ESET/NOD32: hosts = good security http://it.slashdot.org/comments.pl?sid=7442373&cid=49747129/
ZD NET http://www.zdnet.com/article/how-to-use-a-hosts-file-to-improve-your-internet-experience/ "Hosts files really shine by letting you block ads, spyware sites, malware sites, & tracking sites"
Steve Gibson on hosts https://www.grc.com/sn-045.htm/
Oliver Day (SYMANTEC/SECURITYFOCUS) http://www.securityfocus.com/columnists/491/
APK
P.S.=> You LOSE, liar... apk