Popular Kodi Addon ‘Exodus’ Turned Users into a DDoS ‘Botnet’

[shamu726]

Exodus is one of the most-used Kodi addons out there, allowing users to obtain easy access to pirated movies and TV-shows. However, over the past week the same users were unwittingly part of a DDoS attack. After the issue raised eyebrows in the community, the Exodus developer rolled back the malicious code and retired.

 

Millions of people use Kodi as their main source of entertainment, often with help from add-ons that allow them to access pirated movies and TV-shows.

 

One of the most popular addons is Exodus. The software is maintained by “Lambda,” who’s one of the most prolific developers in the community.

 

Exodus is widely praised as one of the most useful addons to access streaming video, including pirated movies and TV-shows. This prominent position also brings along quite a few adversaries, which recently led to an unusual situation.

 

Due to the controversial nature of his work, Lambda has always preferred to remain anonymous. However, he was recently confronted with some people who copied his work and/or threatened to expose his real identity. But instead of backing down, he launched an attack.

 

Roughly a week ago several lines of code were added to the Exodus plugin, which contacted external sites. While this is nothing new for Kodi addons, in this case the lines in question were targeting resources of Lambda’s adversaries.

 

Soon after people started to notice, complaints started rolling in accusing Exodus of creating a DDoS “botnet.” The Ares Blog mentioned the issue and a lively discussion started in the TV Addons forum, where the developer himself joined in defending his actions.

 

The offending code
 

 

Lambda says that he added the code as a countermeasure against people who he believes are trying to do harm or get him in legal trouble. The users themselves are not harmed by the code since they are simply trying to access another web source, he adds.

 

“Like I said they try to find my identity and give me legal trouble. I have no choice but to protect myself. If this won’t help me to defend myself I will retire from all these and focus on my legal addons,” the developer notes.

 

While some people sympathized with the move, Lambda eventually decided to make the “protection” feature optional. Still, that didn’t satisfy everyone and soon after the developer decided to throw in the towel and retire.

 

“I just couldn’t deal with all this stress anymore, I made bad decisions that I shouldn’t take and I am sorry about that,” Lambda explains in a formal apology.

 

“I think this is the time for me to leave, this whole thing is changing me as a person, so it’s time for me to take care of myself and leave this scene once and for all,” he adds.

 

TorrentFreak reached out to TV Addons repository which offers the Exodus addon, and they told us that the malicious code is no longer present. They are very unhappy with the incident and say they did their best to resolve the matter as swiftly as possible.

 

“The actions taken were inexcusable,” TV Addons’ Eleazar informed us. When they found out about the code, the developer’s repository was locked and they stress that “this situation is not being taken lightly.”

 

TV Addons has previously published a malicious code policy and says it takes an active stance against this type of abuse. As such, the team has taken it upon themselves to continue the development of Exodus, with Lambda’s approval.

 

“Moving forward, his addons will be maintained by another member of our team. TV ADDONS stands for the end user first, integrity is of our utmost concern,” Eleazar notes.

 

As for Lambda himself, he plans to continue his work on other projects.

 

“I want to thank everybody who stood by me all these years. It’s time for me to move on and I hope the team to take over my beloved addon. Take care everybody,” he concludes.

 

 

Source: TorrentFreak

 

[straycat19]

This just goes to show that you can't trust anybody these days.  For him to do what he did and possibly jeopardize others who were part of the botnet is pure insanity.  It should also make users wonder what other addons are doing that they don't know about.  Who is going to be the honest broker for all these addons, not only for Kodi but for other software also?

 

[SandStone]

.

[Xionic]

This came like a shock on all kodi community..the stupidity of the dev screwed this awesome tool

Good thing we have alternatives like aluc,eye candy and others

 

 

[luisam]

The price you MIGHT pay for "FREE" stuff.

Now, don't generalize! Not all free stuff is dangerous for you. Just be EXTREMELY careful.

[nsan3]

Makes everyone to keyboard away into as much codes as they can get their hands on and analyse them. Really need to have some tech by which such malpractices can be avoided in the future. Being extremely careful is the way indeed ahead as my friend @luisam has said.

 

The worst case scenario would be, innocent users who were made to fall prey into the attacker-botnet would get notices from the federal authority and get their property raided in the process. Really scary stuff here. 

[steven36]

On undefined at 10:06 AM, luisam said:

The price you MIGHT pay for "FREE" stuff.

Now, don't generalize! Not all free stuff is dangerous for you. Just be EXTREMELY careful.

i'm no fan of  streaming no way and i never tired this software but i can stream anything i want using nothing but open source stuff MPV ,Youtube-DL  and a add-on for Firefox  from streaming filehost .. I've not watched TV on a actual TV in years even though i have satellite and others in my family still watch TV but  that's why I have a wide screen 1080p monitor  .. i can even sign into my satellite provider and stream the same channels  we get on the TV legal  lol. But youre right stuff like this happens. before some of those free vpn witch were legit was truing people's pc into a botnet  and many IOT appliances are using a botnet too and they pay for those .

[Alanon]

Well, the information offered here is a bit misleading.

 

First off, it's not like the fellas who were being attacked were innocent folks that would report this to anyone, let alone the authorities. They were boxsellers, you know, those folks that are "killing kodi". It's not as if these people would complain to anyone, since they would first bring attention to themselves and their own business practices. They, unlike lambda, were making money off of it. According to the dev, they repeatedly stole his code and threatened to expose his identity, and apparently put his family at risk.

 

That's how the ball got rolling in the first place. There seems to be a lot of history behind the conflict which we are not privy to. lambda is hardly the devil, especially since he's the one who's been making awesome code for years. He's earned some respect for that, and I think both the media and community coverage of this whole situation has been one-sided. We can bicker and claim he put users at risk, but I can't really see how. He didn't spam the Pentagon, but a website that the Kodi dev's themselves claim is illegal, and that's forced to stay silent based on the nature of their actions.

 

Ultimately, Exodus will be worse off with him leaving, since that puts the tvaddons crew in charge.