A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.
According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.
Experts say the initial infection takes place when Raspberry Pi operators leave their devices' SSH ports open to external connections.
Once a Raspberry Pi device is infected, the malware changes the password for the "pi" account to:
Malware targets only Raspberry Pi devices
After this, Linux.MulDrop.14 shuts down several processes and installs libraries required for its operation, including ZMap and sshpass.
The malware then launches its cryptocurrency mining process and uses ZMap to continuously scan the Internet for other devices with an open SSH port.
Once it finds one, the malware uses sshpass to attempt to log in using the username "pi" and the password "raspberry." Only this user/password combo is used, meaning the malware only targets Raspberry Pi single-board computers.
This is somewhat out of the ordinary since most malware attempts to target as many platforms as it can. Nonetheless, this version of the malware may still be under development, and other username & password combos may be added at a later date.
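The infection path described above (a password login as "pi" from outside the local network, followed by a change of that account's password) can be looked for in a Pi's authentication log. The script below is an added example, not code from Dr.Web or from the article; it assumes the standard OpenSSH and pam_unix syslog line formats, and the trusted network list and sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Networks the Pi is normally administered from; anything else is "external" (assumption).
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
PW_CHANGED = re.compile(r"pam_unix\(\w+:chauthtok\): password changed for (\S+)")

# Constructed sample lines (documentation IP ranges), not taken from a real host.
SAMPLE_AUTH_LOG = """\
May 20 10:01:12 raspberrypi sshd[811]: Accepted password for pi from 192.168.1.20 port 50122 ssh2
May 20 10:14:03 raspberrypi sshd[902]: Failed password for pi from 203.0.113.45 port 41822 ssh2
May 20 10:14:09 raspberrypi sshd[905]: Accepted password for pi from 203.0.113.45 port 41830 ssh2
May 20 10:14:15 raspberrypi passwd[921]: pam_unix(passwd:chauthtok): password changed for pi
May 20 11:30:00 raspberrypi sshd[1200]: Accepted publickey for pi from 198.51.100.7 port 40000 ssh2
"""

def is_external(addr):
    """True when addr is outside every trusted network (unparsable values count as external)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return not any(ip in net for net in TRUSTED_NETS)

def scan(log_text, account="pi"):
    """Return (finding, source_ip) tuples in log order for the given account."""
    findings = []
    external_login_ip = None  # last external source that logged in with a password
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            method, user, addr = m.groups()
            if user == account and method == "password" and is_external(addr):
                external_login_ip = addr
                findings.append(("external-password-login", addr))
            continue
        m = PW_CHANGED.search(line)
        if m and m.group(1) == account and external_login_ip:
            findings.append(("password-changed-after-external-login", external_login_ip))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_AUTH_LOG):
        print(finding)
```

Key-based logins and password logins from the trusted ranges are not reported, so a Pi that has password authentication disabled for SSH should produce no findings.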
Still better than Mirai
Most users would dismiss the idea of using Raspberry Pi devices to mine for cryptocurrency, which is a very computationally heavy operation.
While Raspberry Pi single-board computers do have some hardware resources at their disposal for the task the malware is attempting to perform, they are not as powerful as classic desktop or laptop computers, and nowhere near the efficiency of dedicated mining equipment.
Nevertheless, people have used Raspberry Pi devices to mine for cryptocurrency in the past, with moderate success.
Either way, Linux.MulDrop.14 is certainly better equipped for the task at hand compared to a version of the Mirai IoT malware spotted in mid-April, which also attempted to mine for cryptocurrency for a brief period of time.
At the time, Errata Security researcher Robert Graham estimated that if a Mirai botnet of 2.5 million bots mined for cryptocurrency, it would be earning only $0.25 per day because of the low computational power of the devices Mirai is capable of infecting (usually security cameras, DVRs, routers, and other IoT equipment).
Linux malware used to create a proxy network
Last but not least, Dr.Web researchers also said they discovered a second Linux malware strain, which they named Linux.ProxyM.
As this malware's name implies, this Linux trojan is used to start a SOCKS proxy server on infected devices, which the trojan's author then uses to relay malicious traffic, disguising his real identity and location.