A Trojan has been discovered that infects the best-selling Raspberry Pi computer and turns it into a machine for mining cryptocurrency.
The Raspberry Pi is a brand of single-board computer that, because of its size, has many uses, from home automation to arcade machines to home lab servers. Two strains of the malware have been spotted. According to Bleeping Computer, the first, Linux.ProxyM, was spotted in February 2017 and now has an estimated 10,000 hosts; the second, Linux.Muldrop.14, was spotted in the last half of May 2017. The Linux.Muldrop.14 trojan targets Raspberry Pi boards running older versions of the default Raspbian OS, according to Russian security firm Doctor Web.
Infected machines are used to mine cryptocurrency for the malware’s author; the Trojan takes advantage of poor security to generate money from nothing. The Trojan is a Bash script which, once run, changes the password on the device and then unpacks and launches a miner for the cryptocurrency Monero. It then tries to spread itself to other Pis on the local network, searching for devices with port 22 open and connecting via SSH (secure shell).
Raspbian was updated towards the end of last year to switch off SSH by default and to force users to change the default password, blocking the mechanism the Trojan uses to spread itself.
Many Pis running older versions of the OS are shielded from infection over the internet, because routers block incoming connections. However, they would be vulnerable if the script were run on another device on their local network.
The Pi’s creators have said that any user with a Pi, dating right back to the original board released in 2012, can update to the latest version of the Raspbian OS to guard against the Trojan.
The good news is that the malware is fairly simple, and its spread is dependent on the laziness of Pi owners. The simple solution is to change the password for the “pi” user and to move SSH to a port other than the default. Not leaving the SSH port open can also help. That’s all it takes to stop your Pi being used to line someone else’s pocket while also securing it against similar malware attacks that might not be quite so gentle on victims’ machines.
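The conditions named above (the “pi” account's default password, SSH on port 22, SSH left open to password logins) can be checked on a Pi with a short script. This is an added example, not code from the article or from Doctor Web; the function names, the --live switch and the use of the stock Raspbian password "raspberry" as the value tested are assumptions of the example.

```shell
#!/bin/sh
# Added example: checks for the conditions the Trojan depends on.
# File paths are arguments so copies can be audited; reading /etc/shadow needs root.

# Global sshd settings only: Match blocks and Include files are not followed.
audit_sshd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
        { sub(/=/, " "); key = tolower($1) }       # keywords are case-insensitive
        key == "match" { exit }                    # conditional section: stop reading
        key == "port" { ports = ports " " $2 }     # Port may be given several times
        key == "passwordauthentication" && pw == "" { pw = tolower($2) }  # first value wins
        END {
            if (ports == "") ports = "22"          # sshd default
            if (pw == "") pw = "yes"               # sshd default
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++)
                if (p[i] == "22") print "FINDING: sshd listens on default port 22"
            if (pw == "yes") print "FINDING: SSH password logins are enabled"
        }' "$1"
}

# $1 = shadow file, $2 = candidate password (assumed default: "raspberry").
audit_pi_account() {
    grep -q '^pi:' "$1" || { echo "OK: no pi account"; return 0; }
    hash=$(awk -F: '$1 == "pi" { print $2; exit }' "$1")
    case "$hash" in
        "") echo "FINDING: pi account has an empty password"; return 0 ;;
        '!'*|'*'*) echo "OK: pi account is locked or has no password login"; return 0 ;;
    esac
    command -v perl >/dev/null 2>&1 || { echo "NOTE: perl not found, password not tested"; return 0; }
    # crypt(3) re-hashes the candidate with the stored salt; equal output means a match.
    if [ "$(perl -e 'print crypt($ARGV[0], $ARGV[1])' "${2:-raspberry}" "$hash")" = "$hash" ]; then
        echo "FINDING: pi account still uses the default password"
    else
        echo "OK: pi password is not the default"
    fi
}

# Audit the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    audit_sshd /etc/ssh/sshd_config
    audit_pi_account /etc/shadow
fi
```

Run it on the Pi itself as root with --live. If the local crypt(3) does not support the stored hash scheme, the password test reports no match.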