Security News
Get Scanguard Login

How to Prevent Malware Infection in Kodi

Three popular add-on repositories for the Kodi media player have been allegedly spreading cryptojacking malware which has been circulating since December 2017

Published by Claire Broadley

This is the latest in a long line of threats that affect Kodi users. In this case, the malware is designed to mine Monero, a cryptocurrency renowned for its strong privacy protection, which tends to make payments virtually untraceable.

The issue affects Kodi on Linux and Windows, but only if the problematic add-ons have been installed or pre-installed in Kodi. Users in the UK and USA are among the most frequently affected.

Users of Kodi are being reminded to only use official repositories for their add-ons.

The Spread of Kodi Cryptojacking Scripts

Kodi is popular with consumers of digital media. It can be used to play files that the user owns, or stream content from a range of other sources. By adding add-ons obtained through repositories, users can expand the number of media channels and sources available to them.

Cryptojacking scripts can take hold in Kodi by attaching themselves to the installation as a fake add-on. They can then silently use the processor power of the device to create cryptocurrency.

The main consequences for the unwitting Kodi user are increased stress on the host device, increased electricity usage, and potentially some damage or wear to the device as it heats up and works harder than usual.

Of course, Kodi can potentially be used to spread all kinds of nasty malware, but cryptojacking is increasing in popularity because it’s difficult to detect and potentially very profitable for the hacker.

How to Check for Malware in Kodi

In general, and if you’re sensible, Kodi is safe to use. The usual caveats apply about the places you get your data, and you should practice good device security.

If you’re new to Kodi, only ever download the installer file from an official source. This should protect you against obtaining a modified installer with malware baked-in from the point of installation.

Beyond that, most problematic Kodi add-ons are distributed through obscure repositories. These can contain weird and wonderful add-ons that promise highly sought after streams for Kodi, and you can easily install one of these and pick up malware without even knowing.

So if you want to expand Kodi, only download add-ons from official sources, no matter how tempting the others may seem. Steer clear of any repositories that contain unusual add-ons unavailable elsewhere. There’s a good wiki article on Kodi repositories here, from the official Kodi website.

There is no specific anti-malware or anti-virus for Kodi; your underlying operating system can handle that for you. So use a good quality anti-virus and anti-malware tool on every device you own that connects to the internet; don’t assume that software like Kodi is immune to infection. Make sure your tools scan all of your drives and directories, including the folders containing Kodi data, backups, and related media files.