Cryptomining Campaign was Launched by Kodi Add-Ons
ESET, the cyber-security firm, has informed ZDNet that a recent malware campaign has targeted the users of Kodi, the famous media player as well as platform that was designed for online streaming and TVs.
As per a report that was shared in advance with ZDNet, the malware analysts of the company have found that a minimum of three popular Kodi add-ons repositories got infected and helped in spreading a malware strain, which secretly mined the cryptocurrency on the computers of users.
Kodi platform, the famous media player software doesn't offer any content by itself, but the users can extend functionality of the software by installing numerous add-ons that can be found in both - official Kodi repository as well as various third-party repositories. As posted on September 13, 2018, by welivesecurity.com, a few third-party add-ons let the users access the pirated content, creating controversy around Kodi.
Off late, copyright-infringing add-ons have been also accused of exposing the users to malware. However, besides an incident where DDoS module has been added to a famous third-party Kodi add-on, there was no evidence of any malware, distributed through Kodi add-ons, being present till now.
Infection can happen when a user point Kodi to analyze a repository URL that has been compromised for the add-on updates, or at the time of installing the ready-made build of the media player containing the URL or modified add-on itself.
United States, the United Kingdom, Greece, the Netherlands, and Israel are the countries that have recorded most of the traffic for the Kodi add-ons. Also, these countries are the five major affected countries. As per ESET, no reliable method is there for knowing whether a user of those 3 add-on repositories was infected, apart from installation of antivirus solution and then scanning machine where the Kodi was installed. A clear sign of something is being wrong is when CPU shows high usage, which is a common cryptocurrency mining operations indicator.
This is for the second time that the Kodi users along with Kodi add-ons system are being targeted by a malware campaign. The first time when a malware campaign hit the Kodi users was in the year 2017, when Kodi add-ons were used to infect the users with the DDoS bot.
» SPAMfighter News - 19-09-2018
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!