Raspberry Pi Infected With Trojan
Posted by: Timothy Weaver on 06/07/2017 02:55 PM
[
Comments
]
Those running Linux systems need to be aware of a new trojan that is making the rounds infecting the systems with Linux.MulDrop.14 which are infecting PI devices for the purpose of mining cryptocurrency.
Dr. Web, a Russian antivirus maker, spotted the malware in early May in the form of a script that contains a compressed and encrypted application.
The infection happens when Raspberry Pi operators leave their SSH ports open. Once infected, it changes the password to:
\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1
The malware then installs libraries including ZMap and sshpass. Then it starts cryptocurrency mining and uses ZMap to continue to look for other devices with an open port.
If it finds an open port, it tries to log in using the username "pi" and the password "raspberry."
Source: Bleeping Computer
Dr. Web, a Russian antivirus maker, spotted the malware in early May in the form of a script that contains a compressed and encrypted application.The infection happens when Raspberry Pi operators leave their SSH ports open. Once infected, it changes the password to:
\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1
The malware then installs libraries including ZMap and sshpass. Then it starts cryptocurrency mining and uses ZMap to continue to look for other devices with an open port.
If it finds an open port, it tries to log in using the username "pi" and the password "raspberry."
Source: Bleeping Computer
Comments
