Linux Malware Enslaves Raspberry Pi to Mine Cryptocurrency

Submitted by Tom Thorp on Sunday, June 11, 2017 - 15:09
Modified on Wednesday, August 1, 2018 - 02:47
Someone has developed a simple Linux trojan designed to harness the meager power of Raspberry Pi devices to mine cryptocurrency.
 
Raspberry Pi users may need to consider applying a recent Raspbian OS update to their devices, particularly if they are currently configured to allow external SSH connections.
 
According to Russian security firm Doctor Web, the malware "Linux.MulDrop.14" exclusively targets Raspberry Pi devices to use their processing power to mine a cryptocurrency.
 
Doctor Web discovered the Raspberry Pi mining malware after its Linux honeypot machine became infected with it. The malware uses a simple Bash script to attempt to connect to Raspberry Pi devices configured to accept external SSH connections. It targets Raspberry Pi boards with the default login and password, which are 'pi' and 'raspberry', respectively.
 
It then changes the password on 'pi' to the one stored as the SHA-512 crypt hash '$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1'.
 
From there it installs the internet-scanning tool ZMap and the sshpass utility, and searches the network for other devices with an open port 22 to infect them.
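
A triage check for the indicators described above (the replaced 'pi' password hash, plus ZMap and sshpass being installed), added here as an example and not taken from Doctor Web or the original article. The function names and the `--report` flag are assumptions; the hash is the value quoted above.

```shell
#!/bin/sh
# Added example: triage for the indicators named in the article.
# IOC_HASH is the value quoted in the article; all other names are assumptions.
IOC_HASH='$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1'

# pi_account_state FILE
# Prints: unreadable | absent | locked | ioc-match | other
pi_account_state() {
    shadow_file=$1
    [ -r "$shadow_file" ] || { echo unreadable; return 1; }
    entry=$(grep '^pi:' "$shadow_file") || { echo absent; return 0; }
    # Field 2 of a shadow(5) entry holds the crypt(3) hash.
    hash=$(printf '%s\n' "$entry" | cut -d: -f2)
    case "$hash" in
        "$IOC_HASH") echo ioc-match ;;   # password was replaced by the malware
        '!'*|'*'*)   echo locked ;;      # password login disabled
        *)           echo other ;;       # some other password is set
    esac
}

# scan_tools_found [PATHLIST]
# Prints which of the tools the malware installs are resolvable on PATHLIST.
scan_tools_found() {
    search_path=${1:-$PATH}
    found=""
    for tool in zmap sshpass; do
        if ( PATH=$search_path; command -v "$tool" ) >/dev/null 2>&1; then
            found="$found $tool"
        fi
    done
    echo "${found# }"
}

# Run as root with --report to check the live system.
if [ "${1:-}" = "--report" ]; then
    echo "pi account: $(pi_account_state /etc/shadow)"
    echo "scan tools on PATH: $(scan_tools_found)"
fi
```

A result of `other` only means the hash differs from the one in the article; it does not show that the default password was changed. zmap or sshpass can also be installed legitimately, so treat them as a prompt to look further, not as proof of infection.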
 
Older Raspberry Pi devices may be more vulnerable to this malware if they haven't been updated in a while. The Raspberry Pi Foundation told ZDNet sister site TechRepublic that a Raspbian OS update released late last year turned off SSH by default and forced users to change the default password.
 
However, it warned that there could still be millions of Raspberry Pi boards that haven't been updated. Some 12.5 million of the single-board computers have been sold over the past five years, according to the official Raspberry Pi Magazine.
 
The malware doesn't try to mine Bitcoin, whose 'difficulty level' is too high to mine cost-effectively even for a massive network of PCs, let alone Raspberry Pi devices.
 
However, there are numerous other cryptocurrencies that can be mined with less computational power. In 2014, malware writers experimented with Android malware to mine Dogecoins and Litecoins. Doctor Web's virus analysts said the Raspberry Pi malware mines Monero, a lesser-known but increasingly popular cryptocurrency for dark-web drug markets.
 
Researchers in May discovered that a network of several hundred thousand PCs infected with the Adylkuzz mining malware, which used the same Windows exploit behind the WannaCry ransomware epidemic, had been toiling away on Monero blocks. At the time, Adylkuzz had generated about $43,000 over several months of mining activity.
 
 
