A number of add-ons for the media player have apparently been infected by cryptocurrency mining malware that affects Windows and Linux users.
Security researchers at ESET provided details about a recently discovered cryptomining campaign. XvBMC, a repository on the Kodi platform, using third party add’ons Bubbles and Gaia, was to their belief, an unknowing participant in a crytomining campaign that dates back to December of last year. The malware that was found in the repository, when downloaded by a victim, installed a cryptominer on an unsuspecting victim’s device. Its architecture is described as multi-staged and ensures that its payload is difficult to track back to the malicious add on. The cryptominer utilized mines Monero and runs on both the Linux and Windows operating systems. The top five countries affected by this activity were: the United States, Israel, the United Kingdom, and Greece. The repository has since been shutdown. For full technical details we encourage our readers to review ESET’s article.
Indicators of Compromise