About this cryptocurrency-mining malware, as stated here:
Kodi add-ons responsible for cryptomining campaign
Ones Linux build might be infected due to these malicious Kodi dependencies;
script.module.simplejson (3.4.1) which imports: script.module.python.requests (2.16+). This 'fake fork' of the original script.module.requests runs connectionpool.py with malicious code that downloads an executable cryptominer.
The downloaded OS-appropriate binary downloader module should be located here, as stated in the earlier given url:
The Windows binary is written to
C:\Users\[username]\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrustedInstaller.exe, while the Linux binary is written to /tmp/systems/systemd
These Linux location isn't in LibreELEC?
Or is it innanother location?
With kind regards