Malicios Kodi Add-ons Targets Windows and Linux Users with Cryptomining Malware

Recent Cyber Attacks 2018

Kodi, a popular open source media player, was discovered distributing crypto mining malware to Windows and Linux users.

Security researchers from ESET have discovered that several third-party add-ons on Kodi media player have been infected by a malware strain which secretly mines cryptocurrency on user’s computers.

The malicious code was found hidden in some of the add-ons found on three add-on repositories Bubbles, Gaia, and XvBMC.

In some of the add-ons found on these repositories contains malicious code which downloads a second Kodi add-on which takes a snapshot of the user’s OS and installs a cryptocurrency miner.

According to researchers, the campaign appears to be started in December 2017 and only target Windows and Linux users.


“The malware has a multi-stage architecture and employs measures to ensure that its final payload – the cryptominer – cannot be easily traced back to the malicious add-on. The cryptominer runs on Windows and Linux and mines the cryptocurrency Monero (XMR). We have not seen a version targeting Android or macOS devices in the wild.” said in the analysis published by ESET researchers.

The top five countries affected by this campaign are the United States, Israel, Greece, the United Kingdom and the Netherlands. These countries are also there in the top list of Kodi usage.



According to data obtained by researchers at least 4774 victims are affected by the malware and have generated 62,57 XMR ($6700).

Users who have installed Kodi on their system and installed add-ons from third-party repositories are advised to run a full scan of their system using good antivirus software to check whether they are infected or not.

The three repositories containing malicious add-ons are already deleted. For more details, you can visit the analysis published by ESET researchers here.

For the latest cyber threats and the latest hacking news please follow us on Facebook and Twitter.

You may be interested in reading:Mac Adware Doctor App Discovered Stealing Sensitive Information of Users


Please rate this content