(Image source: Techradar.com)
Word is that the users of Kodi media player who had add-ons from the Bubbles, Gaia, and XvBMC repositories installed on their systems might have been affected with a coin miner.
As discovered by ESET (cyber-security firm), users of Kodi, and the free and open-source media player software application which has continuously evolved over time and spawned a community of its own has been one of the many targets of a malware campaign.
Reports on ZDNet elucidate the findings of company’s malware analysts who detected that a minimum of three popular repositories of Kodi add-ons have been infected and assisted the fostering of a malware strain which covertly mined cryptocurrency on users’ computers.
For those who find the sound of ‘Kodi’ still foreign, it is an “empty” media player which functions fundamentally on add-ons. After installing Kodi, users add the URL of the add-on repositories of their preference and then from there they select which add-on to install on their players.
Though the player is predominantly used for streaming pirated content, the add-ons permit streaming everything from YouTube to Netflix.
As deduced by ESET researchers, the three aforementioned add-on repositories stations malicious code which sets into motion the download of a second Kodi add-on and as the newly downloaded Kodi add-on contains a code to fingerprint the user’s OS to later install a cryptocurrency miner, the malicious procedure comes to a noxious conclusion.
However Kodi is available for various platforms, researchers said that the programmers of this malign cryptocurrency mining program have only configured a miner for Linux and Windows users. According to the fragmented data obtained by ESET, crooks mined for Monero and affected over 4,700 users – accumulating over 62 Monero coins worth $7,000.
Countries with a high percentage of Kodi users are, as a matter of fact, the most affected ones as well, to name a few- UK, Israel, US, Netherlands, and Greece,
On the solution front, there’s no concrete way of detecting the infection but users are advised to have antivirus software installed and updated. Besides that, a high CPU usage is a probable hint of the attack as it is a common indicator of cryptocurrency mining operations.