Cryptocurrency mining malware has come a very long way over the past few years. Whereas Bitcoin was the center of attention in the beginning, this type of mining malware has expanded to include Dogecoin, Monero, Ethereum, and ZCash as well. The latest iteration of mining malware, however, uses Raspberry Pi devices to mine coins. It is not the most efficient approach, but it is still an interesting development.
RASPBERRY PI CRYPTO MINING MALWARE HAS ARRIVED
A lot of people have shown great interest in Raspberry Pi devices. These pocket-sized computers are quite powerful and very affordable. Although they will not replace traditional desktops or laptops anytime soon, they make for appealing home theater devices, among other things. Every Raspberry Pi usually runs some form of the Linux operating system, although there is a slimmed-down Windows 10 IoT version in the works as well.
Up until now, the Linux operating system has been relatively safe when it comes to malware. Criminals often only develop nefarious tools to harm Windows computers, with a few exceptions going after Apple users as well. This new variant of cryptocurrency mining malware is a Linux Trojan, which goes by the lackluster name of Linux.MuLDrop.14. It is purposefully designed to attack Raspberry Pi devices and use the machine’s resources to mine cryptocurrencies.
As most people are well aware, the Raspberry Pi is not the most powerful device. It doesn’t have a powerful CPU or integrated graphics chip. In fact, the device is entirely unsuited to mining cryptocurrency. However, if you control a few thousand of these devices without having to pay for their electricity, things start to look a lot better.
It appears this new cryptocurrency mining malware has been around since May of 2017. The Raspberry Pi devices seem to be infected through the SSH protocol, assuming the device owner leaves this port open to external connections. That is the case more often than not, as a lot of people connect to their Pi over SSH. If the mining malware is installed successfully, it also changes the password of the standard account to a long string of characters.
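A defender can check a Pi for the two conditions described above: SSH password logins being enabled, and the standard account's password having changed since May 2017. The following is an added example, not code from the original article; it assumes the standard account is named pi, that the text of /etc/ssh/sshd_config and /etc/shadow is passed in, and it runs here on constructed sample input.

```python
from datetime import date, timedelta

# Constructed sample inputs (not taken from a real device).
SAMPLE_SSHD = """\
# sshd_config as shipped on a hypothetical Pi image
Port 22
#PasswordAuthentication yes
PermitRootLogin prohibit-password
"""
SAMPLE_SHADOW = "root:*:17000:0:99999:7:::\npi:$6$constructed$hash:17320:0:99999:7:::\n"

def effective_option(sshd_text, keyword, default):
    """Global value of an sshd keyword: sshd keeps the first value it reads."""
    for raw in sshd_text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        if parts[0].lower() == "match":   # conditional blocks are out of scope
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().lower()
    return default                        # keyword absent: sshd's built-in default

def password_last_changed(shadow_text, user):
    """Date of the last password change (third shadow field, days since 1970)."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == user and len(fields) > 2 and fields[2].isdigit():
            return date(1970, 1, 1) + timedelta(days=int(fields[2]))
    return None

def audit(sshd_text, shadow_text, user="pi", since=date(2017, 5, 1)):
    """Return findings; 'pi' and the May 2017 cut-off are assumptions."""
    findings = []
    if effective_option(sshd_text, "PasswordAuthentication", "yes") == "yes":
        findings.append("SSH password logins are enabled")
    changed = password_last_changed(shadow_text, user)
    if changed and changed >= since:
        findings.append(f"password for '{user}' changed on {changed}; confirm it was you")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD, SAMPLE_SHADOW):
        print("[!]", finding)
```

A password change you did not make yourself is the signal to investigate; key-based logins with password authentication switched off remove the exposure the article describes.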
It is quite interesting to see developers go out of their way to target only these smaller devices. Cryptocurrency mining on a cluster of Raspberry Pis will still not generate much income, and it is unclear exactly which cryptocurrencies are mined using this malware. It would take millions of enslaved devices to make even a dollar per day, which makes this entire effort not exactly worthwhile.
The bigger problem is how this could signal an era of Linux-oriented malware. Considering many people feel Linux is the safest operating system, it is certainly possible criminals will try to prove them wrong. In the case of this mining malware, however, it appears victims can get rid of it by flashing the operating system again. There is no ransom demand to regain control over the device. Still, it is quite a troublesome development, to say the least.
from Information Security Newspaper http://ift.tt/2t3g4UK