Researchers find cryptocurrency-mining malware targeting Raspberry Pi devices – Penetration Testing

Russian anti-virus software company Dr.Web recently discovered Linux malware that specifically targets Raspberry Pi devices to mine virtual currency. The malware uses a script to scan for devices with port 22 open and connects over SSH using the Raspberry Pi default account and password. Because the default SSH account and password on older Raspberry Pi devices are public, the malware can log in to any such device whose port 22 is reachable.

To improve security, new versions of the Raspberry Pi system shipped since the end of last year have SSH disabled by default and force users to change the default account and password. However, older Raspberry Pi devices that have not updated their system still use the default account password, which is what makes this targeted malware viable. Raspberry Pi officials said that at least millions of Raspberry Pi devices worldwide have not upgraded to the latest official release of the Raspberry Pi operating system.

Malware behavior:

When Linux.MulDrop.14 successfully infects a Raspberry Pi device, it downloads additional software to mine virtual currency. The current leading virtual currency is Bitcoin, whose market price has reached 20,000 yuan, but its mining difficulty is so high that the malware does not mine it. Even a very large Raspberry Pi botnet mining Bitcoin would bring in little revenue, so malware is turning to altcoins with a low mining difficulty.

In 2016 the well-known player Xiangchao Kankan (formerly Xunlei Kankan) secretly installed software on users' computers to mine Ethereum's ETC. Some malware even targets Android devices, using the huge number of Android devices to mine other altcoins to sell for profit.

Preventive solution:

The fix is actually very simple: the vast majority of users do not need external SSH connections and can disable SSH directly. In any case, users should change the default account password to prevent it from being brute-forced, and, for security, upgrading to the latest version is the most important step. Raspberry Pi users can update directly from within the system. After updating, the system forces users to change the default account and password.
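
A log check a defender could run alongside the advice above, added here as an example and not part of the original post: it lists password-based SSH logins accepted for the default account and marks those coming from outside the local network. The account name `pi`, the OpenSSH log line format and the sample lines are assumptions or constructed for illustration.

```python
import ipaddress
import re

# Assumption: "pi" is the default account name on older Raspberry Pi images.
DEFAULT_USER = "pi"
# Login methods that rely on a password rather than a key.
PASSWORD_METHODS = {"password", "keyboard-interactive/pam"}
# Source ranges treated as local; everything else counts as external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "::1/128", "fe80::/10")]
# OpenSSH success line: "Accepted <method> for <user> from <addr> port <n> ssh2"
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<addr>\S+) port \d+")

# Constructed sample log lines (documentation and private addresses, not real hosts).
SAMPLE_LOG = """\
Jun  8 03:12:41 raspberrypi sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51230 ssh2
Jun  8 03:12:45 raspberrypi sshd[1203]: Accepted password for pi from 203.0.113.5 port 51234 ssh2
Jun  8 09:30:02 raspberrypi sshd[1450]: Accepted publickey for pi from 192.168.1.20 port 40022 ssh2: RSA SHA256:CONSTRUCTED
Jun  8 10:01:17 raspberrypi sshd[1502]: Accepted password for pi from 192.168.1.20 port 40110 ssh2
Jun  8 11:45:09 raspberrypi sshd[1610]: Accepted password for alice from 198.51.100.7 port 60001 ssh2
"""


def is_local(addr):
    """True if addr parses as an IP inside LOCAL_NETS; unparsable sources count as external."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in LOCAL_NETS)


def password_logins(log_text, user=DEFAULT_USER):
    """Return (source, is_external) for every password-based login accepted for user."""
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m and m.group("user") == user and m.group("method") in PASSWORD_METHODS:
            findings.append((m.group("addr"), not is_local(m.group("addr"))))
    return findings


if __name__ == "__main__":
    for source, external in password_logins(SAMPLE_LOG):
        print("EXTERNAL" if external else "local", "password login for", DEFAULT_USER, "from", source)
```

On a Debian-based Raspberry Pi system the input would normally be the contents of `/var/log/auth.log` (an assumption about the logging setup). The check cannot tell whether the password is still the default, only that the account accepted a password login from that source.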

This post appeared first on Penetration Testing.

