Malware researchers at the Russian antivirus maker Dr.Web have discovered a new Linux trojan, tracked as Linux.MulDrop.14, that infects Raspberry Pi devices in order to mine cryptocurrency. That is a bit surprising given the low computing power of these devices.
The Raspberry Pi revolutionized the PC world by giving developers and makers a relatively powerful tool at an affordable price. With that success, cybercriminals are beginning to take an interest in the platform. The malware was detected in mid-May as a script containing a compressed and encrypted application. Security experts believe that infection occurs when Raspberry Pi users open SSH ports to external connections.
According to the site:
Linux Trojan that is a bash script containing a mining program, which is compressed with gzip and encrypted with base64. Once launched, the script shuts down several processes and installs libraries required for its operation. It also installs zmap and sshpass.
It changes the password of the user “pi” to “\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1”.
Once installed, Linux.MulDrop.14 stops several processes and installs the libraries it needs, along with ZMap and sshpass. The malware then launches the cryptocurrency mining process and uses ZMap to scan the Internet for other devices with open SSH ports. If it finds one, it tries to log in using “Pi” as the account id and “Raspberry” for the password. Experts believe that Linux.MulDrop.14 is still under test and that cybercriminals could evolve it to target other devices. The best way to protect yourself is to change the default password.
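
A host triage check for the two indicators described above (the password hash set on the "pi" account, and SSH left open to password logins), as an added example that is not code from Dr.Web or from the original article. It assumes the hash is stored in /etc/shadow without the backslash escapes shown in the quote; the function names are hypothetical, and only the global section of sshd_config is read (no Include or Match handling).

```shell
#!/bin/sh
# Usage (as root): sh muldrop_check.sh /etc/shadow /etc/ssh/sshd_config

# Hash quoted in the article, with the shell escapes (\$) removed (assumption).
MULDROP_PI_HASH='$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1'

# pi_hash_status SHADOW_FILE -> prints ioc-match | no-match | no-pi-user
pi_hash_status() {
    awk -F: -v ioc="$MULDROP_PI_HASH" '
        $1 == "pi" { found = 1; print ($2 == ioc ? "ioc-match" : "no-match"); exit }
        END { if (!found) print "no-pi-user" }
    ' "$1"
}

# ssh_password_auth SSHD_CONFIG -> prints the effective global value.
# sshd uses the first occurrence of a keyword and defaults to "yes" when unset.
ssh_password_auth() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "passwordauthentication" { v = tolower($2); found = 1; exit }
        END { print (found ? v : "yes") }
    ' "$1"
}

# muldrop_triage SHADOW_FILE SSHD_CONFIG
# Returns 2 on a hash match, 1 if only password logins are enabled, 0 otherwise.
muldrop_triage() {
    rc=0
    case $(pi_hash_status "$1") in
        ioc-match)  echo "ALERT: pi password hash matches the Linux.MulDrop.14 value"; rc=2 ;;
        no-match)   echo "INFO: pi account present; confirm it does not use the default password" ;;
        no-pi-user) echo "OK: no pi account" ;;
    esac
    if [ "$(ssh_password_auth "$2")" != "no" ]; then
        echo "WARN: SSH password logins are enabled; prefer keys or restrict exposure"
        if [ "$rc" -eq 0 ]; then rc=1; fi
    fi
    return "$rc"
}

# Run only when both file paths are supplied on the command line.
if [ "$#" -eq 2 ]; then
    muldrop_triage "$1" "$2"
fi
```

A hash match means the account password was replaced, so treat the device as compromised rather than only resetting the password.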