The Raspberry Pi ecosystem has made super-small computing a low-cost reality, but a recent trojan has been discovered that turns it into a data mien for cryptocurrency.
The Linux MulDrop.14 is the culprit and it targets Pi boards running older versions of the Raspbian OS. It contains a compressed and encrypted application to mine currency, and changes the password on the devices it infects. Once the password is changed, the miner is unpacked and launched before it goes on an infinite loop searching for network nodes with an open port 22. Once a connection is established, the trojan will attempt to run a copy of itself.
Those running Pi boards purchased in the past year, or who have the latest version of the default Raspbian OS should be okay. It was updated towards the end of last year to switch SSH off by default and forced users to change the default password – eliminating the chance of infection. Many older Pis should be okay due to routers blocking incoming connections, but they would still be vulnerable if the script was running on another device on their local network – so owners with a wide variety of PIs in the household should be careful.
With over 14 million Raspberry Pi boards sold, it does make these devices an easy target and given how quickly the devices have become hobbyist dream devices, it’s a bit surprising that it took this long for major issues to be found. Anyone who is worried can easily upgrade to the newest version of the OS, and fortunately, the devices being low-powered does minimize the harm that a single Pi can do.
It would take several Pis to really mine currency well – meaning that would need to infect several of them within either a single network or a variety of them to get any work done.
Source – Doctor Web