Slashdot Mirror
Windows, Linux Kodi Users Infected With Cryptomining Malware (zdnet.com)
An anonymous reader quotes a report from ZDNet: Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET. According to a report that will be published later today and shared with ZDNet in advance, the company's malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users' computers.
ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.
ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints. Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner. While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users. The crooks reportedly mined for Monero, infecting over 4,700 victims and generating over 62 Monero coins, worth today nearly $7,000.
XBMC\Kodi is a rather large HTPC platform. The issue is not with their software. The issue is they allow plug-ins to extend functionality which is something that makes its very powerful. I use it to auto-rip a DVD while it plays for instance. You are well warned when you install from 3rd party repositories like the ones in question. It is no different than the varies app stores when Android first started that will full of all sorts of baddies.
At the end of the day if you're installing software from untrusted sources then you sort of deserve what you get. As an avid user of Kodi I never used any of those repositories so I've got nothing to worry about.
Kodi can be installed on anything. Just because Windows is full of bugs that can cause Kodi problems doesn't mean Kodi did something wrong.
I would like to see them say something about this however as there are users out there that are less than technical and actually bought Kodi machines off Amazon back you were still allowed to.
If you choose to install malware, you'll get malware. To get infected by this you have to go to one of three fly by night repositories of illegal plugins and choose to install a plugin that turns out to be doing a different kind of illegal activity than you expect (crypto mining instead of media piracy). It should not be a shock that dealers in illegal goods aren't always trustworthy -- it's like being shocked when your drug dealer steals from you.
This space intentionally left blank