Add-ons for the open-source Kodi media player have been modified with a malicious script that downloads crypto-mining software on Windows and Linux-based distributions. The operation may have begun as early as December 2017, using a 'script.module.simplejson' add-on hosted by the Bubbles repository.
The tampered add-ons are distributed through multiple repositories. In its research into the campaign, ESET spotted them in the XvBMC repository, which was shut down recently because of copyright infringement, but many repositories are offering the same tampered file.
Many nations are affected by these add-ons, including the United States, Israel, Greece and the United Kingdom, although the Netherlands appears to be the most affected. 'script.module.simplejson' is the name of a legitimate Kodi add-on; bad actors took advantage of the Kodi update system by releasing a copy of the add-on with a higher version number. The tampered add-on contains injected Python code that executes the crypto miner. Once the malware has been successfully installed, the Python code that installed it deletes itself.
"The code is clearly written by a developer with a good knowledge of Kodi and its add-on architecture. The script identifies which OS it is running on (only Windows and Linux are supported, Android and macOS ignored), connects to its C&C server, and fetches and executes an OS-appropriate binary downloader module," the researchers noted. ESET believes that users who use third-party repositories with Kodi have a higher chance of being compromised by the malware.
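A defensive check for the version-number trick described above, as an added example that is not code from the article or from ESET: it compares a trusted add-on index with a third-party one and reports add-on IDs that the third party advertises at a higher version. The addons.xml layout is simplified, and the sample indexes, their version numbers and `plugin.video.example` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample indexes in the addons.xml layout; all versions are made up.
OFFICIAL_INDEX = """<addons>
  <addon id="script.module.simplejson" version="3.3.0"/>
  <addon id="script.module.requests" version="2.9.1"/>
</addons>"""
THIRD_PARTY_INDEX = """<addons>
  <addon id="script.module.simplejson" version="3.4.1"/>
  <addon id="script.module.requests" version="2.9.1"/>
  <addon id="plugin.video.example" version="1.0.0"/>
</addons>"""


def parse_index(xml_text):
    """Return {addon_id: version} for every <addon> element in an index."""
    root = ET.fromstring(xml_text)
    return {a.get("id"): a.get("version", "0")
            for a in root.iter("addon") if a.get("id")}


def version_key(version, width=4):
    """'3.4.1' -> (3, 4, 1, 0); pads so '3.3' and '3.3.0' compare equal."""
    nums = []
    for piece in version.split(".")[:width]:
        match = re.match(r"\d+", piece)
        nums.append(int(match.group()) if match else 0)
    return tuple(nums + [0] * (width - len(nums)))


def shadowed_addons(trusted, untrusted):
    """Add-on IDs that exist in the trusted index but are advertised with a
    higher version by the untrusted one (the case the article describes)."""
    findings = []
    for addon_id, their_version in sorted(untrusted.items()):
        our_version = trusted.get(addon_id)
        if our_version is None:
            continue  # not a name collision, out of scope for this check
        if version_key(their_version) > version_key(our_version):
            findings.append((addon_id, our_version, their_version))
    return findings


if __name__ == "__main__":
    hits = shadowed_addons(parse_index(OFFICIAL_INDEX), parse_index(THIRD_PARTY_INDEX))
    for addon_id, ours, theirs in hits:
        print(f"{addon_id}: trusted {ours} < third-party {theirs}, review before updating")
```

A hit is a reason to inspect the third-party package before it is installed or updated, not proof that it is malicious.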
Posted from my blog with SteemPress : https://latesthackingnews.com/2018/09/17/windows-and-linux-are-being-targeted-by-malicious-kodi-add-ons/