Kodi users on Windows and Linux infected with cryptomining malware

By Shawn Knight · 6 replies
Sep 14, 2018 at 1:38 PM
Post New Reply
  1. According to a recent report from cybersecurity firm ESET, malware found in the XvMBC repository (the same one that was shut down last month over copyright infringement concerns) was originally uploaded to the Bubbles and Gaia (a fork of Bubbles) repositories in December 2017 and January 2018, respectively.

    The malware, with its multi-stage architecture, spread from these two sources across the Kodi ecosystem, ESET said. The firm adds that its payload, a cryptominer, runs on Windows and Linux and mines the virtual currency Monero (XMR). The malware was designed in a way that makes it difficult to trace the payload back to the malicious add-ons.

    Based on ESET’s data, the top five countries affected by the malware include the US, Greece, Israel, the Netherlands and the United Kingdom.

    ESET points out that the repositories that first spread the malware are either defunct, as in the case of Bubbles, or no longer serving the bad code, like at Gaia. That said, victims that don’t know they installed the cryptominer are likely still infected. What’s more, the malware has made its way to other repositories and into some ready-made Kodi builds, likely without their authors’ knowledge.

    ESET believes that more than 4,700 victims are affected by the malware which has generated around $6,700 in value for its creators.

    For a full technical analysis of the malware, head over to ESET’s dedicated landing page for the campaign.

    Permalink to story.

     
  2. cliffordcooley

    cliffordcooley TS Guardian Fighter Posts: 10,456   +4,338

    So which movie studio put out this malware?
     
  3. psycros

    psycros TS Evangelist Posts: 2,172   +1,701

    Naw, they only DoS sharing sites and post fake files.
     
  4. GeforcerFX

    GeforcerFX TS Evangelist Posts: 788   +316

    I wonder how many people using kodi use it just for the illegal cable/satellite streams, the 5 users I know use it exclusively for that, but that's a small pool. If the 5 I know got infected I would just laugh about it, Karma's a B*tch
     
  5. tommyhome

    tommyhome TS Rookie

    This only affect a small amount of kodi users, those that have installed the 3:rd party repository.
     
  6. Camikazi

    Camikazi TS Evangelist Posts: 966   +313

    I'm willing to bet that is not a small amount of users considering EVERY cheap Android TV box you see on sale everywhere uses Kodi with 3rd party repos.
     
  7. Danny101

    Danny101 TS Maniac Posts: 398   +147

    Kind of hard to say it's a bad deal. You watch free movies while the provider is mining coin. If that coin goes to content creators, win win right?
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...