Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET.
According to a report that will be published later today and shared with ZDNet in advance, the company’s malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users’ computers.
Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user’s OS and later install a cryptocurrency miner.
While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users.
Crooks mined for Monero, and according to some partial data obtained by ESET, the company believes they infected over 4,700 victims and generated over 62 Monero coins, worth today nearly $7,000.
Most of the infected users were located in countries such as the US, the UK, Greece, Israel, and the Netherlands, countries where Kodi usage is also high.
ESET says there is no reliable way of knowing if a user of those three add-on repositories has been infected, other than installing an antivirus solution and scanning the machine where Kodi was installed. A clear hint that something is wrong is high CPU usage, a common indicator of cryptocurrency mining operations.
Submitted by: Arnfried Walbrecht