Linux worm turns Raspberry Pis into cryptocurrency mining bots … – Boing Boing

Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and installing ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power bill.

Experts say the initial infection takes place when Raspberry Pi operators leave their devices' SSH ports open to external connections.

Once a Raspberry Pi device is infected, the malware changes the password for the "pi" account to:

$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

After this, Linux.MulDrop.14 shuts down several processes and installs libraries required for its operation, including ZMap and sshpass.

The malware then launches its cryptocurrency mining process and uses ZMap to continuously scan the Internet for other devices with an open SSH port.

Once it finds one, the malware uses sshpass to attempt to log in using the username "pi" and the password "raspberry." Only this user/password combo is used, meaning the malware only targets Raspberry Pi single-board computers.

Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices [Catalin Cimpanu/Bleeping Computer]

(Image: Evan-Amos, PD)
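A defensive check built from the indicators in the quoted report, added here as an example (not code from Boing Boing, Bleeping Computer or the researchers): it looks for the worm's "pi" password hash in /etc/shadow content, checks whether sshd still accepts password logins, and flags ZMap and sshpass. The function names and sample inputs are constructed assumptions, and the sshd_config parsing only reads global settings before any Match block.

```python
import re

# Hash the quoted report says the worm sets on the "pi" account.
MULDROP_PI_HASH = "$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1"

# Constructed sample inputs (not taken from a real host).
SAMPLE_SHADOW = "root:*:17300:0:99999:7:::\npi:" + MULDROP_PI_HASH + ":17300:0:99999:7:::\n"
SAMPLE_SSHD = "# constructed sample\nPermitRootLogin no\nPasswordAuthentication yes\n"

def pi_shadow_status(shadow_text):
    """Classify the 'pi' entry found in /etc/shadow content."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) < 2 or fields[0] != "pi":
            continue
        if fields[1] == MULDROP_PI_HASH:
            return "compromised"
        if fields[1].startswith(("!", "*")):
            return "locked"
        return "password-set" if fields[1] else "empty-password"
    return "no-pi-account"

def password_auth_enabled(sshd_config_text):
    """Global PasswordAuthentication value; sshd uses the first occurrence."""
    for raw in sshd_config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # per-user/host overrides are out of scope here
            break
        if key == "passwordauthentication" and len(parts) == 2:
            return parts[1].strip().strip('"').lower() != "no"
    return True  # OpenSSH default when the keyword is absent

def audit(shadow_text, sshd_config_text, installed=()):
    """Return findings for the indicators named in the report."""
    findings = []
    status = pi_shadow_status(shadow_text)
    if status == "compromised":
        findings.append("pi password hash matches the Linux.MulDrop.14 value")
    elif status in ("password-set", "empty-password") and password_auth_enabled(sshd_config_text):
        findings.append("pi accepts SSH password logins; confirm it is not the default")
    tools = sorted({"zmap", "sshpass"} & set(installed))
    if tools:
        findings.append("worm tooling present: " + ", ".join(tools))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SHADOW, SAMPLE_SSHD, ["zmap", "sshpass"]):
        print(finding)
```

On a real device, pass the contents of /etc/shadow and /etc/ssh/sshd_config (read as root) and the list of installed package names in place of the samples.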
