Linux.MulDrop.14 is a Linux worm that seeks out networked Raspberry Pi systems with default root passwords; after taking them over and ZMap and sshpass, it begins mining an unspecified cryptocurrency, creating riches for the malware's author and handing you the power-bill.
Experts say the initial infection takes place when Raspberry Pi operators leave their devices' SSH ports open to external connections.
Once a Raspberry Pi device is infected, the malware changes the password for the "pi" account to:
After this, Linux.MulDrop.14 shuts down several processes and installs libraries required for its operation, including ZMap and sshpass.
The malware then launches its cryptocurrency mining process and uses ZMap to continuously scan the Internet for other devices with an open SSH port.
Once it finds one, the malware uses sshpass to attempt to log in using the username "pi" and the password "raspberry." Only this user/password combo is used, meaning the malware only targets Raspberry Pi single-board computers.
Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices [Catalin Cimpanu/Bleeping Computer]
(Image: Evan-Amos, PD)
Earlier this month, UK Home Secretary Amber Rudd idiotically insisted that “real people” don’t need encrypted messaging apps; but as foolish a statement as that was, there was a kernel of truth to it.
A group of researchers from Oxford and TU Berlin will present their paper, White-Stingray: Evaluating IMSI Catchers Detection Applications at the Usenix Workshop on Offensive Technologies, demonstrating countermeasures that Stingray vendors could use to beat Stingrays and other “cell-site simulators” (AKA IMSI catchers).
The $469 LockState RemoteLock 6i is a “smart lock” that is sold to Airbnb operators through a partnership with the company, allowing Airbnb hosts to generate and expire unique, per-tenant unlock codes.
The Pry.Me Bottle Opener holds tens of thousands of times its own weight, and you can pick one up now from the Boing Boing Store.This remarkable keychain is considerably smaller than any of your keys, but don’t let that fool you: it can easily open any bottle, and could even tow a trailer full of […]
Guaranteeing your privacy online goes way beyond checking the “Do Not Track” option in your browser’s settings. To ensure that your internet activity is totally hidden from Internet Service Providers, advertisers, and other prying eyes, take a look at Windscribe’s VPN protection. It usually costs $7.50 per month, but you can get a 3-year subscription […]
This project management bundle will help you get organized and learn how to lead a team to success. You can pay what you want for these five courses when you pick them up from the Boing Boing Store.To help you become an invaluable asset for your company, this bundle includes a curated collection of professional […]