The thought of the WannaCry ransomware attack is still very present in our memories but there is another round of targeted attacks affecting the popular low cost Raspberry Pi, this time using a different approach to make money out of it: mining cryptocurrency.
This malware is not taking advantage of any vulnerabilities in the Raspberry Pi, instead opting for a much simpler tactic: it looks for systems using the default access credentials (name: "pi" / password: "Raspberry"). This means that the risk will be virtually zero for all other Linux systems unless there is such a big fan of RPIs that he/she also used the same default credentials on other systems. ;P
Once it finds a machine it can enter, the malware then changes the password to something much more complicated:
\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1
If you have some Raspberry Pi accessible on the internet (or even only locally) you are once again advised to change the username and password for something completely different from the default pi/raspberry. Or else, don't complain if you find yourself locked out of your system and see it running hot at 100% CPU load even when it should be idling...
No comments:
Post a Comment