Users of Kodi Media Player Targeted by Cryptomining Malware

Users of Kodi Media Player Targeted by Cryptomining Malware

Third-party add-ons were found to contain malware targeting Windows and Linux users

  • By Jordan Lutke
  • Sep 14, 2018

Users of the Kodi, beware! ESET researchers reported Thursday that they had found multiple add-ons for the popular media player containing malware designed to force users’ systems to mine cryptocurrency.

Kodi is a free downloadable media player intended for use with TVs, but does not stream any content on its own, relying on add-ons such as “Gaia” and “XvBMC” to provide content. These two, along with another popular repository called “Bubbles,” were the first three add-ons discovered to be infected with the malware.

All three of these repositories are currently offline, having been subject to copyright complaints, due to the prevalence of their use, and by extension Kodi’s, to stream pirated content. The malware purportedly takes advantage of the update verification system to “fingerprint” a user’s Operating System, and later uses this back door to install a coinminer, malware that uses the victim’s CPU to mine for cryptocurrency.

Nadav Avital, threat researcher at Imperva, a cybersecurity company, said that cyber criminals targeting Kodi isn’t surprising. “Cyber criminals are always looking to expand their target cycle in order to make more money,” Avital said. “In the past, we've seen rogue crypto miner malware infecting browsers, databases, management systems, cache systems and more.”

The criminals’ efforts were to mine the cryptocurrency Monero, and data obtained by ESET led them to believe they had infected at least 4,700 systems, and mined almost $7,000 worth of Monero. Most of the affected systems are in the United States, by far the region where Kodi’s user base is the largest.

This is actually the second incident of its kind, with the first malware campaign being discovered in 2017. In that instance, Kodi users found their systems unwittingly recruited into helping with DDoS (Distributed Denial of Service) attacks.

About the Author

Jordan Lutke is an intern with 1105 Media.

Featured

  • TSA Introduces New $45 Fee Option for Travelers Without REAL ID Starting February 1

    The Transportation Security Administration (TSA) announced today that it will refer all passengers who do not present an acceptable form of ID and still want to fly an option to pay a $45 fee to use a modernized alternative identity verification system, TSA Confirm.ID, to establish identity at security checkpoints beginning on February 1, 2026. Read Now

  • The Evolution of IP Camera Intelligence

    As the 30th anniversary of the IP camera approaches in 2026, it is worth reflecting on how far we have come. The first network camera, launched in 1996, delivered one frame every 17 seconds—not impressive by today’s standards, but groundbreaking at the time. It did something that no analog system could: transmit video over a standard IP network. Read Now

  • From Surveillance to Intelligence

    Years ago, it would have been significantly more expensive to run an analytic like that — requiring a custom-built solution with burdensome infrastructure demands — but modern edge devices have made it accessible to everyone. It also saves time, which is a critical factor if a missing child is involved. Video compression technology has played a critical role as well. Over the years, significant advancements have been made in video coding standards — including H.263, MPEG formats, and H.264—alongside compression optimization technologies developed by IP video manufacturers to improve efficiency without sacrificing quality. The open-source AV1 codec developed by the Alliance for Open Media—a consortium including Google, Netflix, Microsoft, Amazon and others — is already the preferred decoder for cloud-based applications, and is quickly becoming the standard for video compression of all types. Read Now

  • Cost: Reactive vs. Proactive Security

    Security breaches often happen despite the availability of tools to prevent them. To combat this problem, the industry is shifting from reactive correction to proactive protection. This article will examine why so many security leaders have realized they must “lead before the breach” – not after. Read Now

  • Achieving Clear Audio

    In today’s ever-changing world of security and risk management, effective communication via an intercom and door entry communication system is a critical communication tool to keep a facility’s staff, visitors and vendors safe. Read Now

Most   Popular

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.