The words "malware" and "Linux" don't belong in the same sentence, but the latest strain, known as Linux.MulDrop.14, has been infecting Raspberry Pi devices. Infected machines were used to mine cryptocurrency for the malware's author, who has taken advantage of poor security to generate money from nothing.
Linux.MulDrop.14, a Linux Trojan, targets older versions of the Raspbian OS. It is a bash script containing a cryptocurrency mining program that is compressed with gzip and encoded with base64.
Linux.MulDrop.14, a Linux worm, seeks out networked Raspberry Pi systems that have default root passwords. After taking them over using sshpass and ZMap, it starts mining an unspecified cryptocurrency, creating riches for the malware's author and leaving you with the power bill.
Linux.MulDrop.14 works by scanning the internet for Raspberry Pi machines that have an open SSH port and whose "pi" user password has not been changed from the default. Betanews.com posted on June 11th, 2018, that with these conditions fulfilled, it is a very simple matter for the malware to change the account's password before installing the sshpass and ZMap software and then getting to work mining cryptocurrency.
On finding one, the malware uses sshpass to attempt to log in using the username "pi" and the password "raspberry". Only this username/password combination is used, which means that the malware only targets Raspberry Pi single-board computers.
After this, the malware launches the cryptocurrency mining process and then uses ZMap to continuously scan the Internet for other devices with an open SSH port.
After finding one, the malware uses sshpass to attempt to log in with the username "pi" and the password "raspberry". Only this username/password combination is used, which means that the malware simply targets Raspberry Pi single-board computers.
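The behaviour described above (a password login as "pi", a password change, then sshpass and ZMap appearing on the system) leaves traces a defender can check for. The following Python triage is an added example, not part of the original article; the log lines are constructed, and it assumes the tools are installed through the package manager so that dpkg.log records them.

```python
import re

# Constructed sample lines in the usual Raspbian auth.log and dpkg.log
# formats (documentation-range addresses, made-up PIDs and versions).
AUTH_LOG = """\
Jun 11 10:00:01 raspberrypi sshd[811]: Failed password for root from 198.51.100.7 port 40022 ssh2
Jun 11 10:00:03 raspberrypi sshd[812]: Accepted password for pi from 203.0.113.5 port 51234 ssh2
Jun 11 10:00:04 raspberrypi passwd[830]: pam_unix(passwd:chauthtok): password changed for pi
Jun 11 10:02:10 raspberrypi sshd[900]: Accepted publickey for admin from 192.0.2.10 port 50111 ssh2
"""
DPKG_LOG = """\
2018-06-11 10:00:20 install zmap:armhf <none> 2.1.1-2
2018-06-11 10:00:25 install sshpass:armhf <none> 1.06-1
2018-06-11 10:05:00 install vim:armhf <none> 2:8.0.0197-4
"""

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted password for (\S+) from (\S+) port")
CHANGED = re.compile(r"passwd\[\d+\]: pam_unix\(passwd:chauthtok\): password changed for (\S+)")
# Assumption: the tools arrive via apt/dpkg, so dpkg.log has "install" lines.
INSTALLED = re.compile(r"^\S+ \S+ install ([^:\s]+)")
SCAN_TOOLS = {"zmap", "sshpass"}

def triage(auth_log, dpkg_log, account="pi"):
    """Correlate the three traces the article describes for one account."""
    findings = {"password_logins": [], "password_changed": False, "tools_installed": set()}
    for line in auth_log.splitlines():
        m = ACCEPTED.search(line)
        if m and m.group(1) == account:
            findings["password_logins"].append(m.group(2))  # source address
        m = CHANGED.search(line)
        # Only count a password change that follows a password login.
        if m and m.group(1) == account and findings["password_logins"]:
            findings["password_changed"] = True
    for line in dpkg_log.splitlines():
        m = INSTALLED.match(line)
        if m and m.group(1) in SCAN_TOOLS:
            findings["tools_installed"].add(m.group(1))
    findings["suspicious"] = bool(findings["password_logins"]
                                  and findings["password_changed"]
                                  and findings["tools_installed"] == SCAN_TOOLS)
    return findings

if __name__ == "__main__":
    print(triage(AUTH_LOG, DPKG_LOG))
```

On a real host, pass the contents of /var/log/auth.log and /var/log/dpkg.log instead of the constructed samples.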
The malware's activity came to light after the release of the Samba patch, which relates to all versions released after 2010. Using the same flaw, which can be exploited through the SMB protocol, an attacker could open a pipe on Samba servers and then execute malicious code remotely.
At present, the actual scale of infection by this malware is not known. However, this news should prompt sysadmins to update their Samba software as well as make their systems immune to such attacks.