ESET's analysis shows that the threat actor modified the metadata of the original add-on to instruct Kodi to download an add-on called 'script.module.python.requests' at version 2.16.0 or above.