Kodi Developers Warn Against Installing Third-Party (Malware-Ridden) Repositories

Last updated August 17, 2021
Written by:
Novak Bozovic
Novak Bozovic
Senior VPN Editor

Kodi is, without any doubt, one of the world’s most popular home theater applications. One of the reasons for this can be found in its high level of customization. Just like you would install an app on your smartphone, you can install different kinds of addons for Kodi – both from official and unofficial sources on the Web. However, as a recently published blog post reminds, Kodi’s developers are recommending you to exercise caution when installing addons and repositories.

As you can read in our Kodi Ultimate Guide, where we explain what to expect and how to use this application, there are two ways to install addons. Many Kodi users are not aware of this, so let’s remind you about these two procedures:

Now, here’s something very important. Even though repositories are the best way to install and update add-ons, they also pose a significant security risk. When repositories receive a new version of the addons you have installed, this update will be automatically distributed to your Kodi. In case this new addon includes malicious code or malware, you’ll end up with compromised files, and your device can quickly become infected. Let’s remind you that Kodi was recently plagued by cryptocurrency malware via addons like Bubbles and Gaia.

There’s also another critical issue with Kodi repositories. Long-term users probably have dozens, if not hundreds of repos installed on their Kodi. If a repository becomes obsolete or abandoned, nothing is stopping malicious individuals from obtaining that repository and distributing malicious scripts. Once again, Kodi will automatically update in the background, and you’ll get those malicious files automatically. Something similar had recently happened, with a hacker hijacking GitHub accounts of prominent Kodi add-on developers.

So, is there a way for you to protect your Kodi installation? Well, as per the blog post, Kodi’s development team thought about how to minimize all those risks. However, this is easier said than done. By employing safety precautions and disabling third-party repos, Kodi will also lose internal ‘beta’ repos, used for testing new builds, skins, official addons, and more. Therefore, it’s your responsibility to keep yourself safe.

Disable Kodi Automatic Updates

Make sure to disable automatic add-on updates.

We recommend you stay away from illegal addons. Instead, focus on legal Kodi addons only, and there’s quite a few of those (here’s how to use Kodi legally, in the first place). You can also disable automatic updates by going to Settings > System > Add-ons, and then select ‘Notify, but don’t install updates’ (on the right side of the ‘Updates’ field). Finally, you can also use a tool called ‘Addon-Check,’ which checks your addons for known problems and deprecations.

What kinds of safety measures do you use? Did you ever encounter malware via Kodi addons? Let us know in the comments section below, and don’t forget to follow us on Facebook and Twitter. Thank you!



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: