Kodi users have been warned about an issue affecting add-ons.
Research has suggested Kodi – which offers access to thousands of channels – is being used in more than five million UK homes.
Kodi software is not illegal, but unaffiliated developers can produce third-party add-ons that provide free access to pirated and illegal content.
These apps allow users to stream premium content, like paid-for sports, movie channels and TV shows for free.
These illegal add-ons have been targeted by ISPs, government agencies, broadcasters and rights holders.
And as the ongoing piracy crackdown rages on Kodi add-on fans have been dealt some important news.
Kodi fans need to be aware of an issue that could affect their favourite add-on.
Kodi add-on developers regularly host their tools on the US-based coding platform Github.
When developers sign up they’re given a unique URL which can be used to push out updates to users’ machines.
However, there is a loophole which allows add-on updates to be sent by a third-party that wasn’t the original developer.
As TorrentFreak noted in a post online, this issue was highlighted a few years ago.
Kodi add-on developer MetalKettle deleted his Github repo, but shortly afterwards a third-party signed up with the same username.
This allowed them to obtain the same aforementioned URL which allowed them to push out updates to Kodi fans using MetalKettle add-ons.
This would particularly be an issue if a previously-trusted URL got into the hands of a malicious third-party.
And this ‘hijacking’ of accounts has reared its ugly head again when popular repo 13Clowns got deleted by its developer.
But it was quickly re-registered and has been pushing out updates.
This update included a fork of the Exodus add-on and tools that originated from TVAddons, TF reported.
TorrentFreak have been informed that systems are in place to deal with this type of abuse on Github.
But in the meantime TVAddons have issued a strong statement on Twitter saying they’re not involved in this latest ‘hijacking’.
TVAddons tweeted: “Earlier this week, a lesser known #Kodi developer called #13Clowns allowed their repository to be ‘hijacked’, distributing a fork of Exodus along with our Indigo tool.
“We vehemently refute false claims made by haters saying we were involved.”
Alongside the tweet was an image of a lengthy statement from TVAddons.
In it they said: “We checked the code to the best we could and saw no sign of any actual malware.
“So aside from getting an unwanted Exodus update and the Indigo tool, no actual ‘damage’ was done.
“It is totally messed up and unethical, but the overall impact compared to risk was minimal.
“However, we strongly suggest that you delete the 13Clowns repository immediately.
“By doing this, there will be no chance of the developer pushing future updates”.