Cryptocurrency-mining Malware Targets Kodi Users on Windows, Linux

September 18, 2018

While some users of popular media player Kodi were enjoying the latest video streams, malware was already using their computers to mine cryptocurrency for several months. Security researchers reported that cybercriminals have been targeting Kodi patrons with malicious Kodi add-ons that push cryptocurrency-mining malware binaries on Windows and Linux operating systems via a Python code.  

Kodi is a media-streaming platform that supports various add-ons that can be found in its website and in third-party repositories. The researchers found the cryptocurrency-mining malware in a third-party repository, after being found in two other third-party repositories late last year and early this year.

The malware is designed in such a way that it’s difficult to trace the cryptocurrency-mining malware payload back to the malware-laced add-ons. The coin-mining malware has been observed mining the Monero (XMR) virtual currency. 

Security researchers estimate that this cryptocurrency-mining malware variant has affected less than 5,000 Kodi users and has mined about $6,700 USD in virtual currency. The five most-affected countries are the US, Greece, Israel, the Netherlands, and the United Kingdom, which according to the researchers are the top countries that use Kodi based on traffic.

Although the malicious add-ons are no longer available in various third-party repositories (one repository is no longer operational while the other removed the malicious cryptocurrency-mining code), Kodi users who have unknowingly downloaded the malware on their devices are still affected.

Protection against cryptocurrency-mining malware

Mining for cryptocurrency is a computationally intensive task that requires a significant amount of system resources and high power consumption, affecting system performance and increasing wear and tear. Cryptocurrency mining was the most detected home network event by the Trend Micro™ Smart Home Network solution in 2017, while cryptocurrency-mining malware gained momentum toward the end of the year, as detected by the Trend Micro™ Smart Protection Network™ infrastructure.

The adverse impact to affected devices makes cryptocurrency-mining malware a credible threat. To mitigate the risks, we recommend these best practices to users:

  • Regularly update devices with their latest firmware to prevent attackers from taking advantage of vulnerabilities to get into systems.
  • Change devices’ default credentials to prevent unauthorized access.
  • Employ intrusion detection and prevention systems to deter malicious attempts.
  • Be wary of known attack vectors, such as socially engineered links, attachments, and files from suspicious websites, dubious third-party applications, and unsolicited emails.

Users can also consider adopting security solutions that can provide protection from various iterations of cryptocurrency-mining malware through a cross-generational blend of threat defense techniques. Trend Micro™ XGen™ security provides high-fidelity machine learning that can secure the gateway and endpoint, and protect physical, virtual, and cloud workloads. With technologies that employ web/URL filtering, behavioral analysis, and custom sandboxing, XGen security offers protection against ever-changing threats that bypass traditional controls and exploit known and unknown vulnerabilities. XGen security also powers Trend Micro’s suite of security solutions: Hybrid Cloud SecurityUser Protection, and Network Defense.



Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.