Users of Kodi Media Player Targeted by Cryptomining Malware

Users of Kodi Media Player Targeted by Cryptomining Malware

Third-party add-ons were found to contain malware targeting Windows and Linux users

Users of the Kodi, beware! ESET researchers reported Thursday that they had found multiple add-ons for the popular media player containing malware designed to force users’ systems to mine cryptocurrency.

Kodi is a free downloadable media player intended for use with TVs, but does not stream any content on its own, relying on add-ons such as “Gaia” and “XvBMC” to provide content. These two, along with another popular repository called “Bubbles,” were the first three add-ons discovered to be infected with the malware.

All three of these repositories are currently offline, having been subject to copyright complaints, due to the prevalence of their use, and by extension Kodi’s, to stream pirated content. The malware purportedly takes advantage of the update verification system to “fingerprint” a user’s Operating System, and later uses this back door to install a coinminer, malware that uses the victim’s CPU to mine for cryptocurrency.

Nadav Avital, threat researcher at Imperva, a cybersecurity company, said that cyber criminals targeting Kodi isn’t surprising. “Cyber criminals are always looking to expand their target cycle in order to make more money,” Avital said. “In the past, we've seen rogue crypto miner malware infecting browsers, databases, management systems, cache systems and more.”

The criminals’ efforts were to mine the cryptocurrency Monero, and data obtained by ESET led them to believe they had infected at least 4,700 systems, and mined almost $7,000 worth of Monero. Most of the affected systems are in the United States, by far the region where Kodi’s user base is the largest.

This is actually the second incident of its kind, with the first malware campaign being discovered in 2017. In that instance, Kodi users found their systems unwittingly recruited into helping with DDoS (Distributed Denial of Service) attacks.

About the Author

Jordan Lutke is an intern with 1105 Media.

Featured

  • The Yellow Brick Road

    The road to and throughout Wednesday's and Thursday's ISC West was crowded but it was amazing. Read Now

    • Industry Events
    • ISC West
  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West
  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West
  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.