Sergey Stelmakh
Posted: Thu Feb 13, 2025 4:31 am
Hackers Learn to Use Raspberry Pi to Mine Cryptocurrency
IncreaseLinux.MulDrop.14 is a bash script, in the “body” of which is a miner program
Linux.MulDrop.14 is a bash script, in the “body” of which is a miner program
Researchers from the antivirus company Dr.Web have discovered malicious activity that threatens owners of Raspberry Pi boards, and it poses a greater danger to older models, such as the Pi 2 and earlier. The peculiarity of the Linux.MulDrop.14 malware is that it forces single-board computers to mine cryptocurrency. As ZDNet writes, in this case we are not talking about Bitcoin, but about its derivatives. The fact is that mining requires large computing resources, while the Raspberry Pi is clearly not suited for this.
Linux.MulDrop.14 is a bash script with a miner program in its “body”. It is packed using the gzip compression utility, and its code is encrypted in base64 format. When it gets onto the victim’s computer, the south africa whatsapp data changes the password on the infected device to search for nodes with open port 22 is launched in the network environment. Having found them, the virus connects to them via the SSH protocol and tries to launch a copy of itself on them.
It is important to note that Linux.MulDrop.14 attacks Raspberry Pi users who use the default login and password set by the manufacturer - "pi" and "raspberry" respectively. The attackers are reported to use a single-package fast network scanner Zmap and the sshpass utility to detect open ports. According to the researchers, the hackers are well aware of the activities of antivirus companies and are able to bypass the so-called honeypot servers designed to detect traces of hackers or other hacker activity.
The Raspberry Pi Foundation, which manufactures the boards, told the publication that at the end of last year it released an update for the Raspbian OS that changed the initial configuration of the SSH port of the Pi 2 and other early models to the “disabled” status. Among other things, the update required changing the factory login and password to user ones. The Pi Foundation emphasized that timely updates to single-board PCs should protect users from the threat of infection with Linux.MulDrop.14. However, the number of users who ignored the update could be in the millions, says the Raspberry Pi developer. Board sales confirm these words: over 12.5 million boards have been sold to date.
IncreaseLinux.MulDrop.14 is a bash script, in the “body” of which is a miner program
Linux.MulDrop.14 is a bash script, in the “body” of which is a miner program
Researchers from the antivirus company Dr.Web have discovered malicious activity that threatens owners of Raspberry Pi boards, and it poses a greater danger to older models, such as the Pi 2 and earlier. The peculiarity of the Linux.MulDrop.14 malware is that it forces single-board computers to mine cryptocurrency. As ZDNet writes, in this case we are not talking about Bitcoin, but about its derivatives. The fact is that mining requires large computing resources, while the Raspberry Pi is clearly not suited for this.
Linux.MulDrop.14 is a bash script with a miner program in its “body”. It is packed using the gzip compression utility, and its code is encrypted in base64 format. When it gets onto the victim’s computer, the south africa whatsapp data changes the password on the infected device to search for nodes with open port 22 is launched in the network environment. Having found them, the virus connects to them via the SSH protocol and tries to launch a copy of itself on them.
It is important to note that Linux.MulDrop.14 attacks Raspberry Pi users who use the default login and password set by the manufacturer - "pi" and "raspberry" respectively. The attackers are reported to use a single-package fast network scanner Zmap and the sshpass utility to detect open ports. According to the researchers, the hackers are well aware of the activities of antivirus companies and are able to bypass the so-called honeypot servers designed to detect traces of hackers or other hacker activity.
The Raspberry Pi Foundation, which manufactures the boards, told the publication that at the end of last year it released an update for the Raspbian OS that changed the initial configuration of the SSH port of the Pi 2 and other early models to the “disabled” status. Among other things, the update required changing the factory login and password to user ones. The Pi Foundation emphasized that timely updates to single-board PCs should protect users from the threat of infection with Linux.MulDrop.14. However, the number of users who ignored the update could be in the millions, says the Raspberry Pi developer. Board sales confirm these words: over 12.5 million boards have been sold to date.