Malware researchers at the Russian antivirus maker have discovered a new Linux trojan, tracked as Kinux.MulDrop.14, that is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.
According to the Russian antivirus maker Dr.Web, the malware was first spotted online in May, the researchers discovered a script containing a compressed and encrypted application.
The Kinux.MulDrop.14 malware targets unsecured Raspberry Pi devices that have SSH ports open to external connections.
Once the Linux malware infects the device, it will first change the password for the “pi” account to:
Then the malware shuts down several processes and installs libraries like ZMap and sshpass that it uses for its operations.
The malware then starts a cryptocurrency mining process and uses ZMap to scan the Internet for other devices to infect.
Every time the Linux malware finds a Raspberry Pi device on the Internet it uses sshpass to attempt to log in using the default username “pi” and the password “raspberry.”
The malicious code only attempts to use this couple of values, this suggests the malware only targets Raspberry Pi devices. Experts believe the malware could be improved and could be used in the next weeks to targets other platforms.