If you’re a Kodi user who uses a vast array of add-ons, you need to be careful. You could be inadvertently exposing yourself to malware. Cryptojacking, botnets… there has been a long line of malware claims.
We’re going to take a closer look at cryptojacking, explain how to deal with it, then tell you about two other forms Kodi malware you should watch out for.
Cryptojacking is a relatively new form of malware that’s becoming increasingly common due to the growing value of cryptocurrencies. In addition to Kodi, you can find it on other apps in the Google Play Store.
In simple terms, a cryptojacker secretly runs on a host’s machine and mines cryptocurrencies without their knowledge.
On the upside, cryptojacking is not as dangerous as some other forms of malware; it’s not going to lock your machine and hold you to ransom or try and steal your online banking credentials.
But mining crypto is a resource-intensive task. It can eat through your bandwidth and computer processing power, causing your machine and network to slow to a crawl or even crash entirely.
Anyone who runs Kodi is at risk, but people who install the app on Amazon Fire TV devices are particularly vulnerable.
One strain of cryptojacking malware—called ADB.Miner—spreads through port 5555. The port automatically opens when you enable Developer Options, which is a necessary step for install Kodi on the Fire TV. It’s thought more than 17,000 devices are at risk.
The ADB.Miner malware mines the Monero cryptocurrency.
How to Protect Kodi From Cryptojacking
To protect yourself against cryptojacking on Kodi, you need to use TVAddon’s No-Coin Scan add-on. It’s based on the No-Coin browser extension.
Once you’ve installed Indigo, go to Add-ons > Indigo on the Kodi homepage, then scroll down to No-Coin Scan and click on it.
The scan will take a few minutes to complete. When it’s finished, it will either give your system a clean bill of health, or advise you on the correct action to take.
2. Subtitle Malware
In May 2017, researchers at security firm Check Point published a proof of concept video which demonstrated how malware hidden in a subtitle file could attack your computer.
The attack itself occurs when you download the file onto your computer from a subtitle repo. It’s especially troublesome because Kodi typically automates the download process; users often have no idea that the malware is infecting them.
Kodi treats the repos as a trusted source, meaning neither it, nor your anti-virus software, picks up on the malware as it enters your machine.
Check Point noted that VLC, Popcorn Time, and Stremio are also vulnerable to the same attack. It adds that many more media players could also be at risk. As a result, it thinks hundreds of millions of users are vulnerable.
Omri Herscovici, vulnerability research team leader at Check Point, said the fragmented nature of subtitle file formats were to blame:
“The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This fragmented ecosystem, along with limited security, means there are multiple vulnerabilities that could be exploited.”
Although Kodi has now closed the loophole, you could be at risk if you’re not running the latest version of the app. Kodi does not update automatically. If you’re running Windows or Mac, check for updates on Kodi’s website. The processes for updating Kodi on Android and updating Kodi on the Amazon Fire Stick are slightly different.
3. DDoS Botnet Attacks
In February 2017, one of the most popular Kodi add-ons in the world was found to be unsafe. Exodus, which at the time had millions of daily users, was an add-on which allowed users to access copyrighted material illegally.
To explain the full story, we need to take a step back for a moment.
Because Exodus was breaking the law, its then-developer wanted to remain anonymous. He was only known by his handle, Lambada. Rival developers copied his work and threatened to expose his true identity, creating a feud.
Instead of backing down, Lambada went on the attack. He added several lines of code to his add-on that automatically contacted a website.
Upon closer investigation, it was found the targeted websites were those of his adversaries. Lambada had created a DDoS botnet which every one of Exodus’ users automatically became a part of. It meant millions of people were inadvertently pinging sites without their knowledge.
Botnets are terrible for users because they can be used to spread malware, reduce your bandwidth, and have an untold number of privacy implications.
It should be noted that Lambada didn’t spread anything malicious. However, keep in mind that Exodus was one of the most well-known Kodi add-ons.
There are lots of murkier Kodi add-ons that can, and do, spread malware and other viruses. Some of the most common culprits are very old add-ons on your system that have changed their developer multiple times and forked versions of popular add-ons.
Are Kodi Video Streams at Risk of Malware?
At the 2018 RSA Conference, Kurtis Minder, CEO of security company GroupSense, gave a talk on the growing threat of malware on Kodi.
He claimed the two major delivery methods for malware were via the Kodi platform and its video streams.
However, his claims regarding video streams are questionable. Bogdan Botezatu, senior e-threat analyst at BitDefender, claimed he had seen such attacks in the wild since 2005’s Trojan.Wimad, that exploited DRM technology on Windows machines.
Hype vs. Reality: How Vulnerable Is Kodi?
All these stories raise the question: Are you really at risk?
Well, despite what some copyright advocates claim, many large security firms agreed that the risk level is quite low. Anti-virus developer Avast says it is yet to see any “Kodi-related malware risks in the wild.” BitDefender said the only significant threat was the previously-discussed subtitle threat.
The threat level is not zero, however. F-Secure noted that “most popular Kodi plugins […] seem clean. But there are at least some plugins that are clearly malicious.”
Of course, malware isn’t the only security threat facing Kodi users. Privacy problems arise from the unencrypted communication between the Kodi app and third-party add-ons, while there are still simmering legal issues if you use Kodi on Amazon Fire TV.