Popular media-streaming player Kodi has at least 3 add-ons that have been found to contain malware for mining cryptocurrency remotely, according to ZDNet. All repositories have now been taken offline.
Kodi acts as a media player powered mainly by plug-ins, having users navigate to the desired repositories and install whatever additional features they want. It is wildly popular for TV-streaming, subscription content and even piracy.
The affected add-ons were found in the repositories for Bubbles, Gaia, and XvBMC. Users who installed from these had their systems used for remote mining of the Monero currency. It is believed over 4,700 people were affected and more than 62 Monero were mined. Only Windows and Linux platforms contained the malware.
It can be hard for a user to tell if they have been infected until they run an antivirus scan on their machine. However, the sudden onset of high CPU usage when no change to behavior has occurred is a huge red flag.
Cryptocurrency malware has been on the rise this year, and this is just another drop in the bucket. Hopefully the community will find a way to combat this new type of exploitation, but only time will tell.