When it comes to mining cryptocurrencies cybercriminals look to use every bit of processing power they can, including the diminutive Raspberry Pi computer.
Dr. Web researchers spotted a trojan dubbed Linux.MulDrop.14 that is exclusively targeting the mini computers and slaving them to mine various cryptocurrencies, but not Bitcoin, which would take more computational power than the little computers can supply. Other digital currencies such as Monero, Dogecoins , and Litecoins require less power and are likely possible targets of the malware.
“Linux Trojan that is a bash script containing a mining program, which is compressed with gzip and encrypted with base64,” researchers said in a June 6 blog post. “Once launched, the script shuts down several processes and installs libraries required for its operation.”
The trojan also installs zmap and sshpass and changes the password of the user “pi” to “$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1”.
The trojan then searchers for network nodes with an open port 22 after using sshpass to log into them with the following login:password pair: pi:raspberry, and then—to save and run its copy, all within an infinite loop using zmap.
Earlier this week, researchers developed a proof of concept attack using Raspberry Pi devices to compromise networks and seal admin credentials.