A Russian security site Dr.Web has discovered a new malware called Linux.MulDrop.14 which is striking Raspberry Pi computers.
While examining the two different Pi-based trojans-including Linux.MulDrop.14. They found a trojan that uses Pi to mine BitCoins some form of crypto currency. However, the another trojan sets up a proxy server.
According to the website:
"Linux Trojan that is a bash script containing a mining program, which is compressed with gzip and encrypted with base64. Once launched, the script shuts down several processes and installs libraries required for its operation. It also installs zmap and sshpass.
It changes the password of the user “pi” to “\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1”.
The malware is programmed to search for network machines which have open port 22, and then it tries to log in using the default Raspberry Pi credentials.
According to the reports of Hackaday (http://hackaday.com), "Embedded systems are inviting target for hackers. Sometimes it is for the value of the physical system they monitor or control. In others, it is just the compute power which can be used for denial of service attacks on others, spam, or — in the case — BitCoin mining. We wonder how large does your Raspberry Pi botnet needs to be to compete in the mining realm?"
The users should change their default passwords on their Pi, so to avoid any kind of problem. And it is advised that users must use two-factor authentication.