Monday, June 12, 2017

Malware turns Raspberry Pi into coin mining machines

The WannaCry ransomware attack is still fresh in our memories, but there is another round of targeted attacks, this time affecting the popular low-cost Raspberry Pi and using a different approach to make money out of it: mining cryptocurrency.

This malware does not take advantage of any vulnerability in the Raspberry Pi, instead opting for a much simpler tactic: it looks for systems using the default access credentials (name: "pi" / password: "raspberry"). This means that the risk will be virtually zero for all other Linux systems, unless someone is such a big fan of RPis that he/she also used the same default credentials on other systems. ;P

Once it finds a machine it can enter, the malware changes the password to something much more complicated, stored as the following SHA-512 crypt hash:
  • \$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1
Afterwards it begins its double-edged approach: it starts to mine the digital currency Monero (a sort of more anonymous Bitcoin), and it also searches the internet for more Raspberry Pis that it can infect and add to its mining pool.

If you have a Raspberry Pi accessible on the internet (or even only locally), you are once again advised to change the username and password to something completely different from the default pi/raspberry. Or else, don't complain if you find yourself locked out of your system and see it running hot at 100% CPU load even when it should be idling...
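To check a Pi for the states described above, here is an added example (not part of the original post) that classifies the `pi` entry in shadow(5)-format text: replaced by the hash quoted above, still on the default password, locked, or changed. The function names are hypothetical, the hash is assumed to begin with `$6$` once the backslash escapes are removed, and the default-password test relies on Python's `crypt` module, which is absent from Python 3.13 and later.

```python
"""Audit shadow(5)-format text for the account states described in this post."""
try:
    import crypt  # wraps the platform crypt(3); removed in Python 3.13
except ImportError:
    crypt = None

# Hash quoted in the post, assuming its "\$" sequences are escaped "$" signs.
MALWARE_HASH = ("$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867"
                "YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1")


def is_default(stored, password):
    """True/False when the hash can be checked, None when it cannot."""
    if crypt is None:
        return None
    try:
        # Re-hash the candidate with the stored salt and compare.
        return crypt.crypt(password, stored) == stored
    except OSError:
        return None


def audit_shadow(shadow_text, user="pi", default_password="raspberry"):
    """Classify the password field of `user`; returns one verdict string."""
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or fields[0] != user:
            continue
        stored = fields[1]
        if stored == MALWARE_HASH:
            return "compromised"      # password was replaced by the malware
        if stored == "":
            return "no-password"      # account has an empty password field
        if stored[0] in "!*":
            return "locked"           # password login is disabled
        verdict = is_default(stored, default_password)
        if verdict is None:
            return "unverified"       # no crypt support in this Python
        return "default-password" if verdict else "custom-password"
    return "absent"                   # no such account on this system


# Constructed sample, not taken from a real system.
SAMPLE = "root:*:17000:0:99999:7:::\npi:" + MALWARE_HASH + ":17329:0:99999:7:::\n"

if __name__ == "__main__":
    print(audit_shadow(SAMPLE))
```

On a live system, pass it the contents of `/etc/shadow` read as root; a result of `compromised` or `default-password` means the account needs attention.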

