Kodi media player users who use add-ons from the Bubbles, Gaia and XvBMC repositories might have been infected with a coin miner.
Kodi is a popular media player and platform designed for TVs and online streaming. It comes as an “empty” media player that works primarily based on add-ons. Users install Kodi and then add the URL of one or more add-on repositories, from which they choose what add-ons to install on their players. Recently the popular media player has been targeted by a vicious malware campaign.
According to cybersecurity researchers, at least three popular repositories of Kodi add-ons have been infected and are now helping the malware strain to spread secretly.
Companies and individuals must take certain precautions against this growing phenomenon of malware attacks. At a minimum they should deploy a cybersecurity solution, such as an antivirus, to protect their systems, keep their operating systems regularly updated, and use an antivirus for Windows or an antivirus for Mac, depending on which OS the device is running.
Companies must also hire professional cybersecurity firms to do regular checkups of their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking tests.
Experts said that some of the add-ons found on these repositories contained malicious code that triggered the download of a second Kodi add-on, which contains code that fingerprints the user’s OS and later installs a cryptocurrency miner.
The partially good news here is that the illicit cryptocurrency mining operation is only available as a miner for Windows and Linux users.
The malware is mining for Monero, and it has already infected over 4,700 victims and generated over 62 Monero coins, worth nearly $7,000 today.
Most of the infected users are located in countries such as the US, the UK, Greece, Israel, and the Netherlands.
For the moment there is no reliable way of knowing if a user of those three add-on repositories has been infected, other than installing an antivirus solution and scanning the machine where Kodi was installed. A clear hint that a miner is present on a device running Kodi is high CPU usage.
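As an added example (not from the original article or from the researchers), the script below lists which installed Kodi add-ons reference the three repositories named above, so a user can tell whether a machine was exposed to them. It assumes Kodi's layout of one directory per add-on containing an `addon.xml`; the substring match on the names is a heuristic because the article gives no exact add-on ids, and a match indicates exposure, not infection.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Repository names taken from the article; matched as case-insensitive
# substrings because the article gives no exact add-on ids (assumption).
WATCHLIST = ("bubbles", "gaia", "xvbmc")

def read_addon(addon_xml):
    """Return (id, name, is_repository) from an addon.xml, or None if unreadable."""
    try:
        root = ET.parse(addon_xml).getroot()
    except (ET.ParseError, OSError):
        return None
    if root.tag != "addon":
        return None
    # Repository add-ons declare this extension point in their manifest.
    is_repo = any(ext.get("point") == "xbmc.addon.repository"
                  for ext in root.iter("extension"))
    return root.get("id", ""), root.get("name", ""), is_repo

def find_watchlisted(addons_dir):
    """List add-ons under addons_dir whose id or name matches the watchlist."""
    hits = []
    for addon_xml in sorted(Path(addons_dir).glob("*/addon.xml")):
        info = read_addon(addon_xml)
        if info is None:
            continue  # skip truncated or malformed manifests
        addon_id, name, is_repo = info
        haystack = f"{addon_id} {name}".lower()
        matched = [w for w in WATCHLIST if w in haystack]
        if matched:
            hits.append({"id": addon_id, "name": name,
                         "repository": is_repo, "matched": matched})
    return hits

if __name__ == "__main__":
    # The addons directory differs per OS and install, so the user passes it in.
    if len(sys.argv) != 2:
        sys.exit("usage: check_kodi_repos.py <kodi-addons-directory>")
    for hit in find_watchlisted(sys.argv[1]):
        kind = "repository" if hit["repository"] else "add-on"
        print(f"{kind}: {hit['id']} ({hit['name']}) matches {hit['matched']}")
```

Any machine with a match should be scanned with an antivirus solution, as described above.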
This, in fact, represents the second malware campaign discovered targeting Kodi users and the Kodi add-ons system. The first campaign emerged in early 2017 when hackers used Kodi add-ons to infect users with a DDoS bot.
We will continue to monitor this type of cyber attack. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; such tests include penetration testing and ethical hacking.