Linux Worm makes Raspberry Pis into Cryptocurrency Mining Bots

The words "malware" and "Linux" don't belong in same sentence, but the latest strain known as Linux.MuDrop.14 has been infecting the Raspberry Pi devices. Infected machines were used to mine the cryptocurrency for the author of malware, and it has taken advantage of the poor security for generating money from nothing.

Linux.MulDrop.14, a Linux Trojan, is targeting previous versions of the Rasbian OS. It is a bash script which consists of cryptocurrency mining program that is compressed by using base 64 encryption and gzip.

Linux.MulDrop.14, a Linux worm, seeking out the networked Raspberry Pi systems having default root passwords; since taking them over sshpass and ZMap, it starts mining an unspecified cryptocurrency, thus creating riches for the author of malware and giving you power-bill.

Linux.MulDrop.14 works through scanning internet for the Raspberry Pi machines having open SSH port as well as the user password "pi" not being changed from the default. Betanews.com posted on June 11th, 2017, stating that having these conditions fulfilled, it is a very simple matter for malware to change password of the account, before installing sshpass and ZMap softwares, and then getting to work mining cryptocurrency.

The malware uses sshpass to try to log in using the username "pi" and the password "raspberry" on finding one. Only this combo of password/user is used which means that the malware only targets Raspberry Pi single-board computers.

The malware after these launches the cryptocurrency mining process, and then uses the ZMap for continuously scanning Internet for other devices having the open SSH port.

After finding one, malware uses the sshpass for trying to log in having username "pi" along with password "raspberry". This password/user combo only is used, which means that the malware simply targets the Raspberry Pi single-board computers.

Actions of the malware came into limelight after release of the Samba patch, which is related to all versions released after 2010. Using same flaw which could be exploited with the help of SMB protocol, the hacker could open pipe on the Samba servers and then execute the malicious code remotely.

Presently, actual scale of infection by this malware is not known. However, this news should warn the sys admins for updating their Samba software as well as make its systems immune from such attacks.

» SPAMfighter News - 6/14/2017