Some unofficial repositories for the Kodi open source media player deliver cryptomining malware for Windows and Linux platforms in a modified add-on. Here are a few details.
The whole thing has been deteted by ESET security researchers, who have documented it on the We Live Security blog. Kodie users may have noticed that a popular Dutch repository of third-party add-ons, XvBMC, was recently shut down for copyright infringement warnings. After the repository’s shutdown on Github, ESET security researchers discovered that the repository was – probably unknowingly – part of a malicious cryptomining campaign dating back to December 2017.
(Source: Pexels David McBee CC0 License)
It is the second publicly known case of malware spread on a large scale via Kodi add-ons, and the first publicly known cryptomining campaign launched via the Kodi platform. Interestingly, this campaign installs Linux- or Windows-specific binary files on the respective operating systems of Kodi victims. More details may be read at We Live Security and Bleeping Computer.