Windows, Linux Kodi Users Infected With Cryptomining Malware

An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET. According to a report that will be published later today and shared with ZDNet in advance, the company's malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users' computers.

ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.

Re:So Open source not great either

[Gavagai80]

If you choose to install malware, you'll get malware. To get infected by this you have to go to one of three fly by night repositories of illegal plugins and choose to install a plugin that turns out to be doing a different kind of illegal activity than you expect (crypto mining instead of media piracy). It should not be a shock that dealers in illegal goods aren't always trustworthy -- it's like being shocked when your drug dealer steals from you.