Users of Kodi, a popular media player and platform designed for TVs and online streaming, have been the targets of a malware campaign, ZDNet has learned from cyber-security firm ESET.
According to a report that will be published later today and shared with ZDNet in advance, the company's malware analysts have uncovered that at least three popular repositories of Kodi add-ons have been infected and helped spread a malware strain that secretly mined cryptocurrency on users' computers.
Kodi, for readers unfamiliar with this software, is an "empty" media player that works primarily based on add-ons. Users install Kodi and then add the URL of one or more add-on repositories, from where they choose what add-ons to install on their players.
Add-ons exist for streaming everything from Hulu to YouTube, but the player is often used for streaming pirated content, such as pay-per-view channels or movies from torrent portals.
ESET researchers say they found malicious code hidden in some of the add-ons found on three add-on repositories known as Bubbles, Gaia, and XvBMC, all offline at the time of writing, after receiving copyright infringement complaints.
Researchers said that some of the add-ons found on these repositories would contain malicious code that triggered the download of a second Kodi add-on, which, in turn, would contain code to fingerprint the user's OS and later install a cryptocurrency miner.
While Kodi can run on various platforms, ESET says that the operators of this illicit cryptocurrency mining operation only delivered a miner for Windows and Linux users.
ESET says there is no reliable way of knowing if a user of those three add-on repositories has been infected, other than installing an antivirus solution and scanning the machine where Kodi was installed. A clear hint that something is wrong is high CPU usage, a common indicator of cryptocurrency mining operations.
This was the second malware campaign discovered targeting Kodi users and the Kodi add-ons system. The first came to light in early 2017, when someone used Kodi add-ons to infect users with a DDoS bot.
These are 2018's biggest hacks, leaks, and data breaches