
TV Addons – Crypto Mining Hack – (Update: Coder responds!)


steven36


If you have been using Kodi third party addons for any length of time, you cannot have missed the controversy that always seems to surround TV Addons and the antics of its owner, Adam Lackman.  In recent history there have been a number of high profile  repo “hacks” and if you think back a little further, there was the DDOS hidden in the popular Exodus add-on.

TV Addons Hack & Virus History

Exodus DDOS “bot”

So if you don't recall, TV Addons' hugely popular Exodus add-on had some code added to it to DDOS attack another repo. This was in response to a clone or fork of the addon that TVA took exception against. This seems rather bizarre given the amount of forks that are flying around now! Here is a link to that article. Exodus Botnet We did remove a lot of the post – but here's some links showing the code and how it was added; Exodus DDOS code Target of DDOS

TVA & Indigo Repo Hijacks

So let's review the repo hijacks – hotly denied, but who else has a vested interest in force installing Indigo? All of the code basically forced the Indigo tool as a dependency, so even if you didn't want it – TV Addons force install their software on your device. That in any other world is the definition of a virus. An unwanted software installation.

Exodus & Kodil Repo Indigo Hijack

So TVA, Adam (or you may know him as Eleazar Coding), then resurrected Exodus after Lambda quit and TVA were shut down (and then the whole “grassing other devs” scandal blew up). However here are two combined stories from Sept 17 and Feb 18 – Adam pushed a modified Exodus update via the Kodil repo to infect even more devices with his software. Kodil Repo Hijack – Exodus 4.xx.xx Forcing TVA addons Indigo Install !

Entertainment Repo – Indigo Hijack

Using the same methods as described above – by copying the repo format from an old zip file – then duplicating the setup on github, you can instantly infect and access any device that still has the old repos installed. This is a highly dubious practice and a malicious act against unwary users. Read about this from March 18; TV Addons; Yet ANOTHER Virus!

Crypto Mining Botnet

UPDATE : 8th April 2018 – less than 24 hours after exposing this latest scam, they pulled the code. The evidence is still here: . Original Pair Tool Zip . The latest con-trick that TV Addons have employed is forcing traffic through a crypto mining botnet through one of its new tools, “the pairing tool” – you can see this is advertised on their site here;

 

https://s7d7.turboimg.net/sp/2b3c7c3156013b710bb4ea8337b2710c/pairing_tool.jpg

 

It's linked to a github repo – so the code is public and easily accessed – and with all the things TV Addons have done in the past, they are passing this code on to countless other wannabe scammers who will employ underhand tactics to make money off you. How much simpler this would have been to simply declare that a few seconds of your time is taken to help fund development? Too easy? Better to just lie and deceive people if you keep getting away with it right?

The Crypto Mining Redirect

If you look in the zip file on github -> Download Here – you can open up the add.on.py yourself and see the following;

 

https://s7d8.turboimg.net/sp/a8a4af4d75c4247a558a9156d9bd8d99/addo_py.jpg

 

You can see that before you go to pair a video streaming site, you are redirected to a Coinhive link – this is how your CPU/GPU is used to mine currency. This could affect your streaming – by slowing your device down whilst it uses CPU power to mine currency (very CPU/GPU intensive). This would be detrimental to phones or any mobile device, as it will consume a lot of battery power. The amount of CPU usage or battery drain is dependent on how the shortcut to the Coinhive Javascript miner is set up – it could be lots or just a little; as there has been no admission of this or public announcement, we have no idea.

What TV Addons Say…

This was put to TV Addons' Adam Lackman via their Twitter account earlier today, you can see their response here;

 

https://s7d4.turboimg.net/sp/3acbeb706e24c7851c7216f61b3e094c/twitter_response.jpg

 

“the idea disgusts us” – interesting response Adam, clearly you didn't check even when it was pointed out, perhaps you're complicit and needed the cash?

Summary

Yet again TV Addons have been proven to be liars and a source of random infections, repo hijacks, DDOS bots and now crypto mining via its users' devices without permission. We have said time and time again not to use TV Addons, Kodibae, Indigo and sundry other addons this guy has maliciously hijacked. Surely it would be simpler to be open and direct with users instead of the current wave of underhand and malicious activities. You never know, people may have supported the short cut redirects – but I guess you feared they would reject it and now you are embroiled in another scandal. SMFH.

Update 8th April 2018 – Coder Comments

This was left in the comments of the post – so I am posting it, in its entirety and will add further comments in red.

I am Twilight0, a respectable developer from Greece. I do AliveGR, some other greek addons and yes I made the Pair Tool. OMG you guys are stupid, literally. Why are you creating this drama anyway? Just for the sake of drawing users into your website?

 

Well first off, I'm not stupid, but if you wish to hurl personal insults, that is your right to do so. Creating drama? I'm afraid you need to realise your actions and your crypto mining code created this “drama”.

 

1) Exodus DDOS: Let's not hide behind our fingers, it has been revealed that this was the action of just one developer who has long retired from the scene. What he did was justified imho. Enough of that… TVADDONS on their part had nothing to do with it.

 

This is part of the historic abuses of TVA – I could have gone further back and covered more, maybe discussed their addon blocker or pathetic overwriting of other addons by being childish about add-on IDs etc. If you create an umbrella organisation to benefit from the collective efforts of coders in order to profit from them, via donations, affiliate sales and web ad sponsorship, then it is your responsibility to ensure that platform is safe and “vetted”. Exodus has DDOS code, and it was distributed via TV Addons. What is not 100% clear about that? Now, justification? It is illegal to maliciously attack web based assets. What could be worse? Hijacking innocent end users to do your dirty work? So when anyone has a beef or disagreement (and god knows there are plenty of those in the Kodi school yard), it's “justified” to DDOS someone's websites or other assets? Understood, that probably explains the attempts to access this website which is clearly evident in the logs and probably the numerous attacks in the past too.

 

2) Repo hijacks and “resurrections”: These actions were not made by any REAL member of the current or the past TVADDONS. Why do you even bother to mention this as “virus” or hacks? Why are you not complaining to github headquarters for allowing the use of disabled usernames?

 

What is not obvious to you? All the repo hijacks had one significant commonality. They all point to TV Addons. Not some random add-on or other repo either. They ALL force installed Indigo, the so called prize jewel in TV Addons' self appointed Kodi crown. The thing that's rammed down everyone's necks as the only way to install add-ons. Why would anyone go to all that trouble, to point to the same addon, knowing that the only thing that happens is TVA get more traffic, from his pop-up spam master? Who benefits from installing Kodibae? You know, the TVA “front” repo to house all the cloned add-ons and avoid further legal issues. Who else would benefit from installing Indigo? Your earlier comment, about being stupid? Look in the mirror. Maybe if Adam didn't have a track record for low ball actions, giving up developer names (and previously his distribution chain for satellite IKS sales), then you might have a case to argue. We know the lies he's told and rumours he's spread. You know them too, don't you? So, the only likely source of all these repo hijacks is Adam and his desperate drive to restore his income streams. He must be feeling the pinch now Stream TV hub etc is not raking in $100,000's for him? Mind you he's had $42,000 donated recently? Maybe he could've dipped into one of his offshore accounts. Antigua were they? Panama perhaps?

 

3) And finally the “botnet mining tool” (LMAO). I developed this tool. The source code is publicly available yes, you can see how it works yes, exactly, that’s the point of having them publicly available in a MOST READABLE form. What’s wrong with it? I could heavily obfuscate if I wanted and all is well, but no… I wanted some stupid bloggers noticing about it and write unthoughtful articles. You can disable the coinhive links if you want from the options, it's as simple as that.

 

So, it's OK to fool users to make you money? This sounds like TV Addons tactics for sure. It is not acceptable to insert any kind of code that leverages end user devices to make money, without first getting consent. That by any other name is a virus, hijack, malicious activity, call it what you will. It's dishonest. If you had asked permission first, made it 100% crystal clear what you were doing and made it obvious to opt IN (and not opt OUT as you had set it), then maybe there wouldn't have been the fuss and outcry from all the decent (and some not so decent lol) devs across the Kodi platform? Do you see all those people commenting and blocking TV Addons? Do you see the universal condemnation of your code and your ethics? It is clear that you wanted to sneak this under the radar, to deceive users into leveraging their devices to make you money via your javascript based crypto miner. Your blasé attitude demonstrated in your response shows your disrespect for Kodi users, and the community in general. I can only hope this serves to make you redress this contemptuous attitude and show a little more respect. It's not that crypto miner is a bad thing or a bad idea, it's that you flagrantly disregarded the need to ask user permissions to install or run this crypto mining code. Such was the deception your boss didn't know, looked a proper clown denying it on Twitter when the evidence and now, your admission that it was true. TV Addons as a group have disregarded users' privacy and rights for a long time now, the few articles referenced are the tip of the iceberg. It's nothing new, but it will be exposed and users informed each and every time it happens. Your contribution to their reputation via your disregard for end users serves only to further blacken their name.

 

 

Note: I'm not linking to the infected pairing tool on Nsaneforums per the rules; if you want to grab the tool for research you can grab it from the source. I can confirm that this tool uses Coinhive and was on by default, but you could choose to turn it off after you figured out you were infected, and that TVA was linking to this addon till they removed it after some others found it. :ph34r:

 

Source
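
An added example, not part of the original thread or of the add-on's own code: a static check a defender could run on a Kodi add-on zip before installing it, flagging Coinhive URLs (coinhive.com or its cnhv.co short links) like the redirect described above, and non-optional import entries in addon.xml that pull in an unwanted add-on as a dependency. The sample zip, its add-on ids and the short-link path are constructed placeholders.

```python
import io
import re
import xml.etree.ElementTree as ET
import zipfile

# Coinhive's miner domain and its short-link domain.
MINER_URL = re.compile(rb"https?://(?:[\w-]+\.)*(?:coinhive\.com|cnhv\.co)\b[^\s'\"]*", re.I)
TEXT_EXT = (".py", ".xml", ".js", ".json", ".txt")
MAX_BYTES = 2_000_000  # skip oversized members instead of inflating them

def audit_addon_zip(data, unwanted_ids=()):
    """Return (miner_hits, forced_deps) for a Kodi add-on zip passed as bytes."""
    miner_hits, forced_deps = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or info.file_size > MAX_BYTES or not name.endswith(TEXT_EXT):
                continue
            blob = zf.read(info)
            for lineno, line in enumerate(blob.splitlines(), 1):
                for m in MINER_URL.finditer(line):
                    miner_hits.append((name, lineno, m.group().decode("ascii", "replace")))
            if name.rsplit("/", 1)[-1] != "addon.xml":
                continue
            try:
                root = ET.fromstring(blob)
            except ET.ParseError:
                continue  # malformed manifest: nothing to report on dependencies
            # <requires><import addon="..."/> entries get installed with the add-on.
            for imp in root.iter("import"):
                dep = imp.get("addon", "")
                if dep in unwanted_ids and imp.get("optional") != "true":
                    forced_deps.append((name, dep))
    return miner_hits, forced_deps

def build_sample_zip():
    """Constructed sample add-on; ids and the short link are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("script.example.pair/addon.xml",
                    '<addon id="script.example.pair" version="1.0.0"><requires>'
                    '<import addon="xbmc.python" version="2.25.0"/>'
                    '<import addon="plugin.program.example.unwanted"/>'
                    '</requires></addon>')
        zf.writestr("script.example.pair/addon.py",
                    "import webbrowser\n"
                    "webbrowser.open('https://cnhv.co/EXAMPLE')  # constructed short link\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_addon_zip(build_sample_zip(), {"plugin.program.example.unwanted"}))
```

A clean result only means these two patterns are absent; an obfuscated or remotely fetched URL would not be caught by a static string match.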

 

 


Also the DEV responsible for putting this code in this addon also had projects over at kodi.tv; the mods there have taken the correct precautions and deleted all his addons.
 

Quote

 

Twilight0 @TwilightZer0

LOL... look at this mess... all my addons' threads with 100% totally legit stuff were moved into garbage.

 

https://s7d1.turboimg.net/sp/0ea44b8dfb9b35af553669eb4821d06f/DaNC-IAX0AAsDK1.jpeg

 

 



Wilson Drake

Well, Kodi has nothing to do with it; it is just the 3rd party developers who are not regulated by any authority doing this mining activity.


55 minutes ago, Wilson Drake said:

Well, Kodi has nothing to do with it; it is just the 3rd party developers who are not regulated by any authority doing this mining activity.

Well Kodi.tv used to host one of his addons in their repo, Montreal Greek TV, which they had made an official addon. No one said Kodi had anything to do with it, but they used to have something to do with the person who done it up till they done it. He has now apologized for it. He removed this addon with the miner from the repo hosted on TVA already, but the idiot has now updated it where the miner is off by default and put the addon in some private repo; it's not on github any longer. But still Kodi won't ever allow him to post addons on their site anymore; only 3rd party sites who are in it to monetize off Kodi like TVA allow his repo on their site now. :P


I think it is best to stay away from this tool isn't it?


