These past years online streaming services almost completely took over the regular cable TVs allowing people to access their favorite shows and movies anywhere on any device, therefore with the increasing demand, various streaming services started to pop out offering comfort and entertainment in their own ways. One of them was Kodi, which today is facing pretty serious reputation problems, because of the crypto mining malware, targeting Monero, found in some of its add-ons.
If you haven’t heard yet, Kodi is a widely known free media player, that was primarily developed for the Xbox, but then was released for Windows, Linux, macOS, Android and etc. Kodi itself does not contain any movies, music or etc., but allows users to install various kinds of add-ons which provide the entertainment and content. This application has already been mentioned in the headlines for the copyright infringement with a ZemTv and overall compared to the rest of the streaming services, Kodi was known as the precarious one, because of the unregulated/pirating add-ons.
According to the recent ESET report, despite all the previous accusations and another popular addon Exodus DDoS scandal, yesterday was the very first time when the actual malware was confirmed to be found in three Kodi’s optional enhancing extensions.
The discovered malware was a Monero cryptocurrency miner, which was noticed to be distributed since December 2017. The very first add-on that was noticed to contain miner was Bubbles, and soon after in January 2018, Gaia add-on showed up taking over Bubbles when it was terminated by Kodi. The last one was a dutch extension called XvBMC, which was shut down quite recently for copyright violations, just like the rest. Although Kodi was and is trying to get rid of all the shady and pirating add-ons, the damage has been done to both – users and Kodi’s reputation. That can be detrimental when you have competition like Netflix, Hulu, HBO Now, Amazon Prime.
ESET researchers figured that this crypto mining malware had managed to infect users mainly from the United States, Israel, Greece, Canada, the United Kingdom, Spain, Netherlands, and some other European countries. As you know, crypto mining right now is trending amongst the hackers that want to easily get rich, because of the silent working mechanisms and no visible harm, therefore it is no surprise that it was exactly this and not a different kind of virus.
Cryptominer developers in around 10 months were able to mine around 62 Monero coins (around $7,000), which is a smart choice since Bitcoin is not doing so well anymore. This was achieved with the help of 4700 infected systems. ESET reported noted, that only Linux and Windows OS users were affected and those who were streaming from their Android or macOS devices should not worry. This makes sense since crypto mining uses a lot of CPU usage, which may be not sufficient from the smaller gadgets. Yet that does not indicate that miners don’t attack smartphones, not only slowing them down drastically but also Leaving physical damage.
Like we mentioned before, Gaia, Bubbles, and XvBMC are now gone from Kodi’s add-on market, yet all people who were using this media player on their Linux or Windows systems should run a thorough scan with a reputable antivirus or anti-malware (we can suggest SpyHunter or some others) to make sure that the notorious crypto miners is not running on their machine, wearing the hardware down. If you want to learn more about ESET’s discovery and technical details on how add-ons did it then, please take a look at the their article, mentioned below.