1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Kodi users on Windows and Linux infected with cryptomining malware

By Shawn Knight · 6 replies
Sep 14, 2018
Post New Reply
  1. According to a recent report from cybersecurity firm ESET, malware found in the XvMBC repository (the same one that was shut down last month over copyright infringement concerns) was originally uploaded to the Bubbles and Gaia (a fork of Bubbles) repositories in December 2017 and January 2018, respectively.

    The malware, with its multi-stage architecture, spread from these two sources across the Kodi ecosystem, ESET said. The firm adds that its payload, a cryptominer, runs on Windows and Linux and mines the virtual currency Monero (XMR). The malware was designed in a way that makes it difficult to trace the payload back to the malicious add-ons.

    Based on ESET’s data, the top five countries affected by the malware include the US, Greece, Israel, the Netherlands and the United Kingdom.

    ESET points out that the repositories that first spread the malware are either defunct, as in the case of Bubbles, or no longer serving the bad code, like at Gaia. That said, victims that don’t know they installed the cryptominer are likely still infected. What’s more, the malware has made its way to other repositories and into some ready-made Kodi builds, likely without their authors’ knowledge.

    ESET believes that more than 4,700 victims are affected by the malware which has generated around $6,700 in value for its creators.

    For a full technical analysis of the malware, head over to ESET’s dedicated landing page for the campaign.

    Permalink to story.

  2. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 11,208   +4,876

    So which movie studio put out this malware?
  3. psycros

    psycros TS Evangelist Posts: 2,582   +2,302

    Naw, they only DoS sharing sites and post fake files.
  4. GeforcerFX

    GeforcerFX TS Evangelist Posts: 846   +349

    I wonder how many people using kodi use it just for the illegal cable/satellite streams, the 5 users I know use it exclusively for that, but that's a small pool. If the 5 I know got infected I would just laugh about it, Karma's a B*tch
  5. tommyhome

    tommyhome TS Rookie

    This only affect a small amount of kodi users, those that have installed the 3:rd party repository.
  6. Camikazi

    Camikazi TS Evangelist Posts: 978   +324

    I'm willing to bet that is not a small amount of users considering EVERY cheap Android TV box you see on sale everywhere uses Kodi with 3rd party repos.
  7. Danny101

    Danny101 TS Guru Posts: 642   +241

    Kind of hard to say it's a bad deal. You watch free movies while the provider is mining coin. If that coin goes to content creators, win win right?

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...