Linux Malware uses Raspberry Pi to mine Cryptocurrency!


What is Raspberry Pi?

Raspberry Pi is a series of small computers built around a single chip, designed by the Raspberry Pi Foundation in the UK to promote the basics of computer science among teenagers in schools. More than 5 million Raspberry Pi devices had been sold by the Raspberry Pi Foundation before February 2015, and 11 million had been sold by November 2016, making it one of the best-selling British PCs.

Warning: Are you a Raspberry Pi user? Have you changed your default password? If you haven't yet, change it quickly. A Linux malware strain has been detected that infects Pi devices for the purpose of mining cryptocurrency.

The malware is known as “Linux.MulDrop.14”. It hunts only those Pi devices on which the default password has not been changed. An unchanged default password means the device is not properly secured, and such devices are exposed because their SSH ports are open to external connections.

What is Cryptocurrency?


A cryptocurrency is a digital asset (anything that exists in a binary format and comes with the right to use) designed to serve as a medium of exchange, using cryptographic techniques to secure transactions and to control the creation of additional units of currency. Cryptocurrencies are a subset of digital currencies.

How does the Malware Infect the Raspberry Pi Devices?

A Russian antivirus maker revealed that the malware was first detected online in May. The researchers discovered a compressed and encrypted application.

The malware scans for Pi devices with the default SSH port (port 22) open, and if the port is open it logs into the device using the default password. It then changes the default password to something else, so that no one else can access the device in the meantime. Next, the malware shuts down several processes, installs the ZMap and SSHPass libraries for its operations, and configures itself.

After that, the malware starts mining cryptocurrency and uses the ZMap library to find other Raspberry Pi devices on the internet that it can infect. Once it finds a new device, it uses the SSHPass library to try to log in with the default username and password, i.e. “pi” and “raspberry” respectively.

The ultimate objective of Linux.MulDrop.14 is to make a profit for someone else, namely the creator of the malware, using your Raspberry Pi devices. Because mining cryptocurrency is such a heavy workload, your Raspberry Pi devices would run at 100% load all the time. At 100% load a device also consumes more electricity, which means a higher electric bill for its owner, and the owner might not even be able to use the device for his or her own tasks because its CPU is already fully occupied.
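The login-then-password-change sequence described above leaves traces in the system log, so it can be checked for after the fact. The following is an added example, not part of the original article or the antivirus vendor's analysis: it scans syslog-format auth.log text for a password login as “pi” from a non-private IPv4 address followed within ten minutes by a password change for that account. The sample log lines, the ten-minute window and the function names are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed auth.log lines for illustration (not from the article or a real host).
SAMPLE_LOG = """\
Jun  8 03:12:44 raspberrypi sshd[1234]: Accepted password for pi from 203.0.113.7 port 51234 ssh2
Jun  8 03:12:46 raspberrypi usermod[1250]: change user 'pi' password
Jun  8 09:30:01 raspberrypi sshd[2001]: Accepted password for pi from 192.168.1.20 port 40022 ssh2
Jun  8 09:45:10 raspberrypi passwd[2050]: pam_unix(passwd:chauthtok): password changed for pi
Jun  8 11:00:00 raspberrypi sshd[3001]: Accepted publickey for pi from 198.51.100.9 port 40100 ssh2
"""

# Private and loopback IPv4 ranges; anything else counts as an Internet source.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ENTRY = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[\d+\]: (.*)$")
WINDOW = timedelta(minutes=10)  # assumed correlation window

def is_external(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # hostname or junk: treat as untrusted
    return not any(ip.version == n.version and ip in n for n in LOCAL_NETS)

def find_takeovers(log_text, year, user="pi"):
    """Return (login_time, source, change_time) for each suspicious password change."""
    login_re = re.compile(rf"^Accepted password for {re.escape(user)} from (\S+) port \d+")
    change_marks = (f"change user '{user}' password", f"password changed for {user}")
    pending, findings = None, []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        stamp, prog, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")  # syslog has no year
        login = login_re.match(msg) if prog == "sshd" else None
        if login:  # remember only the most recent login, and only if it came from outside
            pending = (when, login.group(1)) if is_external(login.group(1)) else None
        elif prog in ("usermod", "passwd", "chpasswd") and msg.endswith(change_marks):
            if pending and when - pending[0] <= WINDOW:
                findings.append((pending[0], pending[1], when))
            pending = None
    return findings

if __name__ == "__main__":
    for login_at, src, changed_at in find_takeovers(SAMPLE_LOG, datetime.now().year):
        print(f"{src}: login {login_at}, password changed {changed_at}")
```

On a system that still writes /var/log/auth.log, pass that file's contents as `log_text`; a password change made by the owner from the local network is deliberately not flagged.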

Protection of Raspberry Pi Devices From the Linux Malware

Whenever malware is detected, a patch is released as soon as possible. However, in the case of “Linux.MulDrop.14” there is no actual bug; it is simply a matter of the default password being left unchanged on Raspberry Pi devices. These devices get infected by the Linux malware because their SSH ports are open to external connections.

To protect Pi devices, people should change the default password as soon as they first use their device. If you do not change it, and you have an open SSH port listening for connections, then you are leaving your Pi devices open to attack without even realizing it. Changing the password costs nothing, so change your Pi device password right away and work in peace from then on. 🙂


