Raspberry Pi sours thanks to mining malware

Anti-virus vendor Dr. Web has found something nasty: malware named “Linux.MulDrop.14” that turns the Raspberry Pi into a cryptocurrency mining machine.

To catch the malware you'll need to leave your rPi on with SSH ports open. If you've done so and the malware's scripts make their way in to your Pi, they'll install zmap, sshpass and the mining code. The malware will also change the password for the username “Pi” to the impressively long...

\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

Once that's happened, the malware uses zmap and “searches for network nodes with an open port 22, after that it uses sshpass to log into them with the following login:password pair: pi:raspberry, and then—to save and run its copy.”

Dr. Web helpfully suggests using its products to scan for the malware. The Register reckons if the password for “Pi” suddenly stops working it may be easier to flash a new SD-card to run whatever Linux you prefer on your Pi and recover the data later.

However you decide to fix the problem, the existence of malware targeting the Raspberry Pi is acknowledgement that, with 12.5 million sold, it's a sufficiently common device to be worthy of the effort. It's also a little scary, as plenty of businesses have pressed the Pi into service.

Dr. Web doesn't explain which crypto-currency the malware mines, or whether it relies on single Pi acting alone or if it puts several machines in harness. The Register imagines the mining effort would be all-but futile without machines acting in concert, as the Pi is no powerhouse. ®