Or Kodi itself running as a user with more limited privileges?
As a more general comment on this thread, I just wanted to say thanks to all those who contributed - it’s been an interesting read. There are times I wonder if I’m too paranoid limiting what add-ons and packages I use across my home network but it appears not!
It’s the traditional trade-off between convenience and security.
Nevertheless, I think there is a case to be made for giving people the option of tightening security on their devices by means of a simple How-to. However, @sam_nazarko would need to advise on whether there would be any adverse consequences of moving user osmc into the sudo group and removing the NOPASSWD option.
BTW, if you investigate domains it’s trying to send data to, you can see the kozow.com one is a major malware domain.
And, based on “neconfirmat” only finding Google hits as the Romanian word for “unconfirmed”, it’s from a Romanian hacker.
Hope you wiped your device clean to the metal and re-installed from scratch. I wouldn’t even trust anything in your profile (in case it was installed via a Python script in a plugin).
I couldn’t find much about this script from Google searches, beyond that it sends data to a major malware domain. Which scares me a bit, since that could mean it’s something new.
Yes, I wiped the disk, rotated all the secrets that the malware could have gotten hold of, and reinstalled from the OSMC image + my own automation, which does not include a Kodi profile.