Those running Linux systems need to be aware of a new trojan that is making the rounds infecting the systems with Linux.MulDrop.14 which are infecting PI devices for the purpose of mining cryptocurrency.

Dr. Web, a Russian antivirus maker, spotted the malware in early May in the form of a script that contains a compressed and encrypted application.

The infection happens when Raspberry Pi operators leave their SSH ports open. Once infected, it changes the password to:

\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

The malware then installs libraries including ZMap and sshpass. Then it starts cryptocurrency mining and uses ZMap to continue to look for other devices with an open port.

If it finds an open port, it tries to log in using the username "pi" and the password "raspberry."

Source: Bleeping Computer