Slashdot Mirror


Linux Malware Infects Raspberry Pi Devices And Makes Them Mine Cryptocurrency (hothardware.com)

An anonymous reader quotes Hot Hardware: If you're a Raspberry Pi user who's never changed the default password of the "pi" user, then heed this warning: change it. A brand new piece of malware has hit the web, called "Linux.MulDrop.14", and it preys on those who haven't secured their devices properly... After scanning for RPis with an open (and default) SSH port, the "pi" user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself. The ultimate goal of Linux.MulDrop.14 is to make digital money for someone else, namely the author of the malware, using your Raspberry Pi.
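The conditions the summary describes (SSH accepting a password login for "pi") and the two packages it says the malware installs can be checked on a device. This is an added example, not code from Hot Hardware or the Slashdot thread; the function names and sample inputs are constructed, and the package list is assumed to come from `dpkg-query -W -f='${Package}\n'`.

```python
from fnmatch import fnmatch

# Packages the summary says Linux.MulDrop.14 installs. Both are legitimate
# tools, so finding them is a prompt to investigate, not proof of infection.
TOOLS_FROM_SUMMARY = {"zmap", "sshpass"}
LIST_KEYS = {"allowusers", "denyusers"}  # repeated lines accumulate in sshd

def global_sshd_options(config_text):
    """Parse the global section of sshd_config (stops at the first Match)."""
    opts = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].replace("=", " ", 1)
        parts = line.split(None, 1)
        if not parts:
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            break
        if key in LIST_KEYS and key in opts:
            opts[key] += " " + value
        else:
            opts.setdefault(key, value)  # sshd keeps the first value it reads
    return opts

def user_matches(user, patterns):
    """Match USER or USER@HOST patterns on the user part (no '!' negation)."""
    return any(fnmatch(user, p.split("@", 1)[0]) for p in patterns.split())

def audit(config_text, package_list_text, user="pi"):
    opts = global_sshd_options(config_text)
    findings = []
    # PasswordAuthentication defaults to "yes" when the keyword is absent.
    password_auth = opts.get("passwordauthentication", "yes").lower() == "yes"
    allowed = "allowusers" not in opts or user_matches(user, opts["allowusers"])
    denied = "denyusers" in opts and user_matches(user, opts["denyusers"])
    if password_auth and allowed and not denied:
        findings.append("ssh-password-login-open-for-" + user)
    if TOOLS_FROM_SUMMARY <= set(package_list_text.split()):
        findings.append("zmap-and-sshpass-installed")
    return findings

# Constructed sample inputs (not taken from a real device).
DEFAULT_CONFIG = "Port 22\n#PasswordAuthentication yes\nUsePAM yes\n"
HARDENED_CONFIG = "PasswordAuthentication no\nAllowUsers admin\n"
PACKAGES = "openssh-server\nsshpass\nzmap\n"

if __name__ == "__main__":
    print(audit(DEFAULT_CONFIG, PACKAGES))
    print(audit(HARDENED_CONFIG, "openssh-server\n"))
```

An empty result only means these two checks passed; it says nothing about whether the "pi" password is still the default.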

13 of 84 comments

  1. Is this even worth it? by ArylAkamov · · Score: 2

    I know very little about cryptocurrency aside from having 20 bitcoins when it was new and losing the wallet with a reformat (Yes, I hate myself).

    This really doesn't seem worth the risks to develop and deploy, given the processing power and the number of units you would need to infect. Then again, I might be underestimating the number of vulnerable devices. I'd love for someone who knows more than me to chime in and give their thoughts.

    1. Re:Is this even worth it? by thegarbz · · Score: 2

      This really doesn't seem worth the risks to develop and deploy

      Risk is a combination of severity of consequence and a likelihood of it occurring. Raspberry Pis that are networked and have their default user names and passwords will generally not be in a position where the impact of this malware may be discovered and likely owned by users who don't have the ability to understand what's going on.

      The risks in this case are very low. The reward is low too, but that's kind of beside the point. I myself have one raspberry pi in the house that I would never be able to tell if it were part of a botnet. My media centre box may show it slightly if I noticed performance issues but then Linux is good at prioritising so even then I'm not sure I'd notice it.

    2. Re: Is this even worth it? by KGIII · · Score: 4, Insightful

      I cheated and RTFA. Please don't hold it against me. Basically, the article says, "If you're functionally retarded, this could happen under a very limited set of circumstances."

      My comment history shows I am biased towards Linux but not a zealot. This is a problem if you're stupid. That's about it. Even stupid people are pretty well protected, as they are behind a NAT that disallows ingress.

      I have some Pi (pies?) so I looked at the article. Sorry... You'd have to expose it to the net AND keep default passwords the same. Then, maybe, it will affect you but only if you have those services running.

      I am trying to not minimize this but, really, it is a wee bit silly. Maybe I am missing something?

      --
      "So long and thanks for all the fish."
    3. Re: Is this even worth it? by maple_shaft · · Score: 4, Informative

      In my opinion no. Having experimented with creating a Pi miner for Litecoin, back before ASICs existed for mining Scrypt algo, I got an abysmal hashrate of 0.2MH, and that was with overclocking on a Model B. To put into more perspective I had a cheap second hand Radeon graphics card on my desktop that got hundreds of times better hashrate. When mining 24/7 on a pool I would still only get about .5 LTC which was worth scarcely a few dollars at the time. Now that is worth about $15 today though. Pis make terrible miners.

    4. Re: Is this even worth it? by adam.voss · · Score: 2

      I'd be most concerned about other products that use a Raspberry Pi internally. Can't be sure if the maker secured the thing and the consumers of these are likely to be less tech savvy and may not even know about the security concerns.

    5. Re: Is this even worth it? by petermgreen · · Score: 2

      The problem is threefold.

      1. The Raspberry Pi Foundation decided to enable ssh by default on their Raspbian image despite a number of us telling them that it was reckless. They eventually back-pedaled on this for later images but not before there were loads and loads of existing installations out there.
      2. There are still end-user networks out there, particularly in academic settings that are largely open to the internet.
      3. They have sold millions of Pis

      Put all those together and you have a sufficient pool of Pis out there running ssh servers on the open Internet and accepting a login of pi/raspberry to be worthwhile for script kiddies to target.

      --
      note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
  2. So... not "Linux malware" after all by franzrogar · · Score: 3, Insightful

    It's the same as saying that if you have an app with internet access and you left the default passwords (imagine one of e-commerce).

    It's the user's fault and program's bad design (it should create a random pass on first install, never a "default" one).

    1. Re:So... not "Linux malware" after all by techno-vampire · · Score: 4, Insightful

      No, it shouldn't create a random password when you install it. Part of logging in for the first time should be a mandatory password change, leaving as little time for something like this as possible. And, remote access should be disabled until after the password has been changed.

      --
      Good, inexpensive web hosting
    2. Re:So... not "Linux malware" after all by thegarbz · · Score: 4, Insightful

      It's the same as saying that if you have an app with internet access and you left the default passwords (imagine one of e-commerce).

      Yes because when a Windows user purposefully executes malware and it takes over the system it's all Windows' fault, but when a Linux user permits the same thing it's not Linux at all.

      Sorry but you don't get to laugh at Microsoft's attempts at limiting the user's ability to accidentally execute malware and excuse a Linux OS for something as mindbogglingly stupid as not prompting the user for a username and password during setup.

      Malware is malware. Linux is Linux. This is by every definition of the word Linux Malware. Whether it's assisted by stupid users or stupid designers is irrelevant.

  3. Get Rich Slowly... by Powercntrl · · Score: 5, Informative

    I'm not too familiar with the Raspberry Pi, but a cursory view of the specs tells me even a huge botnet of 'em still wouldn't make you wealthy through mining crypto any sooner than the heat death of the universe. Most crypto mining these days is done on specialized hardware or large banks of high-end video cards. Seems to be the reason why most malicious software intent on acquiring wealth through Bitcoins simply encrypts your files for ransom.

    --
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
    1. Re:Get Rich Slowly... by religionofpeas · · Score: 5, Insightful

      Depends on what cryptocurrency they are mining, how suitable the Pi is for that, and what the value of that currency is.

      Take bitcoin for example. One PI can do about 0.2 Mhash/second. A botnet consisting of 1 million devices can mine about $6.50 in a month. And you don't even get to keep all that, because a million devices mining will produce a great deal of very small transactions, which take up a lot of space in the blockchain, and you'll have to pay quite a large transaction fee. You'd be lucky to keep half of that money.

      Instead of developing the malware, you could make more money as a Walmart greeter.

  4. Re: Lol by KGIII · · Score: 2

    I don't know who you are, but I kinda love you. Seriously, keep people off Linux. I kinda like it here.

    --
    "So long and thanks for all the fish."
  5. Re:$1 / month for each Raspberry Pi 3 by religionofpeas · · Score: 2

    10 H/s of XMR yields about $1.10 per day [cryptocompare.com].

    I'm only getting $1.05 per month, using 1W power consumption.