The past few months have resulted in a notable increase in malicious cryptocurrency mining malware. It appears criminals will continue to target Monero mining in this regard. In a new effort to distribute this malware, Kodi add-ons are being laden with cryptocurrency mining malware. Several incidents have been recorded already, and the worst may have yet to come.
Kodi Add-ons are not Always Safe
Most computer users are familiar with the Kodi software. It is a free and open source media player, which supports videos, music, podcasts, and so forth. It is a cross-device compatible solution, which is also available on mobile, smart TVs, and so forth. Most people use Kodi for playing their own video content over their home network, although there are hundreds of addons for an improved media experience.
These addons have now become the target of criminals looking to embark on malicious cryptocurrency mining. More specifically, ESET researchers have discovered a few add-ons are subject to Monero mining scripts at this time. This is mainly facilitated by the auto-update feature most Kodi add-ons maintain in this day and age. Although this is a positive aspect of the addons, it also makes it easier for criminals to distribute their payloads.
There is a notable increase in malicious Kodi add-on updates over the past few months. Although this trend is not just native to Kodi, the free and open-source software has become so popular it is an easy target for criminals to exploit. As most of these mining payloads can run on both Windows and Linux, criminals are aggressively stepping up their Monero mining efforts.
Under the hood, some of the malicious addons use a very sophisticated approach to introducing this cryptocurrency mining malware. To be more specific, the developers are looking for ways to ensure their malware cannot be traced back to the original creators. In some instances, the add-ons were added to the XcMBC repository, which has been taken offline due to the hosting of pirated content.
For the time being, these malicious Kodi addons are mainly designed to target users in specific countries. Key targets include Israel, the UK, the US, and the Netherlands. It is not impossible this threat will expand to other countries over time, especially if the Monero mining malware proves to be a lucrative revenue stream in the long run. Malicious crypto mining has become one of the bigger threats to date in the world of internet-connected devices.
As is usually the case with third-party add-ons, issues like these were bound to happen sooner or later. Criminals are actively exploring numerous ways to mine cryptocurrencies using someone else’s computer. As Kodi gains even more popularity, it is only normal more of these malicious addons will make their way to the market moving forward.