Gaia Team Announcement - Kodi Coin Miner Malware

[steven36]

 

Update 1

We are aware of the news that is making the rounds that there is a coin miner somewhere in our repo. We will look into this IMMEDTIATLY and keep you up to date on what is going on.

We are not yet sure where this originates from. Reports from Reddit and other sites indicate that one of the external addons in our "common" directory has some bad code in it. There are also a few other repos, including the XvBMC and the old Bubbles repo that are effected. As far as we can see this is still something left over Bubbles, but I'm not sure if that was added intentionally by him. From what we currently know, this addon is the culprit. If you have it installed, please remove it immediately:

script.module.python.requests

We also recommend running and AntiVirus scan just to be double safe. ZDNet also states that this only affects Windows and Linux, so Android users should be fine. This addon is not a dependency of Gaia and is also currently not in our repo. I think it was removed at some point when we updated the "common" addons and couldn't find its dependency. The main repo should be fine, however, the backup repos (2 & 3) might still contain old stuff. We haven't used them in a while and I'm not even sure if they still work. For now, stay away from any old Bubbles stuff and backup repos. We will also update the main repository to exclude the "common" directory. We will investigate each of those dependency addons to see if there is something fishy. We will leave the files on the repo for public investigation, but we will make sure that they are not pulled by Kodi updates.

I truly apologies for something like this happening, and there is absolutely no excuse for this. I'm the lead developer on this project, amongst a team of other devs. For those of you who worked with me (and also interacted with me on our ticket system) know that I am always dedicated to bringing the best to the Kodi community. I'm therefore extremely sorry that something like this happened under my watch. I'm the leader of the team and it is my responsibility to check everything that is committed. I was also not diligent enough when forking the stuff from Bubbles. I also have to admit that I updated the addons under the "common" directory by looking for the latest version on Google, without inspecting them before adding them to our repo. I will now go line by line through all those addons to make sure that they are not doing anything weird.

Just to reiterate again, the current Gaia addon and our Repo 1 are NOT affected by this, but you should get rid of:

script.module.python.requests All old Bubbles stuff Gaia repo 2 & 3 to be safe, there might be old Bubbles stuff in here

I will add all further announcements to our website as well, in case you want to completely uninstall Gaia and wait for news. I have a night shift that starts in a few hours, but I will get on this immediately afterwards. If you have any clues that can help in the investigation, please submit a ticket to our website, or use the email address at the bottom if you do not want to create an account on their.

 

Update 2

I have changed the password for the repo and locked out all other developers. I gave Bubbles access to the repo when we forked, but I can't remember if I changed the password. I also renamed the "common" directory. It should not be pulled from by Kodi anymore. Will investigate.

 

Source