Kodi users on Windows and Linux infected with cryptomining malware
Bad actors are making money off unsuspecting Kodi users
By Shawn Knight
What just happened? Unofficial repositories hosting third-party add-ons
for the open-source media player Kodi have been serving
cryptocurrency-mining malware for several months. Fewer than 5,000
victims are estimated, but that number could grow as the malware spreads.
According to a recent report from cybersecurity firm ESET, malware found
in the XvMBC repository (the same one that was shut down last month
over copyright infringement concerns) was originally uploaded to the
Bubbles and Gaia (a fork of Bubbles) repositories in December 2017 and
January 2018, respectively.
The malware, with its multi-stage architecture, spread from these two
sources across the Kodi ecosystem, ESET said. The firm adds that its
payload, a cryptominer, runs on Windows and Linux and mines the virtual
currency Monero (XMR). The malware was designed in a way that makes it
difficult to trace the payload back to the malicious add-ons.
Based on ESET’s data, the top five countries affected by the malware
are the US, Greece, Israel, the Netherlands and the United Kingdom.
ESET points out that the repositories that first spread the malware are
either defunct, as in the case of Bubbles, or no longer serving the bad
code, like at Gaia. That said, victims who don’t know they installed
the cryptominer are likely still infected. What’s more, the malware has
made its way to other repositories and into some ready-made Kodi builds,
likely without their authors’ knowledge.
ESET believes that more than 4,700 victims are affected by the malware,
which has generated around $6,700 in value for its creators.
For a full technical analysis of the malware, head over to ESET’s dedicated landing page for the campaign.