Wednesday, June 14th 2017

Linux Raspberry Pi Devices Being Infected by Cryptocoin "Mining Malware"

If you have your Raspberry Pi set up and have never changed the default password on the standard "pi" user, it's probably time to do so. A new piece of malware has come out that exploits the simple fact that several users apparently have never changed this password. Once it installs itself, it takes advantage of the recent rise in the value of cryptocurrency (Bitcoin recently topped $3000 per BTC) to mine cryptocoins for the author's benefit. This not only uses almost 100% of your poor Raspberry Pi's limited CPU, but also makes it part of a "mining botnet" that nets the controller money, adding insult to injury. The malware also sets up an anonymous proxy on your box, which needless to say is probably not a good thing.
You might think you are safe behind a firewall, but with the rise of IPv6 on many ISPs and the fact that many older firewalls are not IPv6 ready, you may be surprised to find that your SSH port is in fact exposed on the internet via a global IPv6 address, whether you know it or not. NAT isn't a guarantee anymore, folks. It is best to have a strong, non-default password on your box, even if it is just a little ARM core.
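
The IPv6 exposure described above can be checked on the Pi itself. The script below is an added example, not part of the original article: it parses the output of `ip -6 -o addr show scope global` and `ss -tln`, and the function names and the sample outputs embedded in it are constructed for illustration.

```shell
#!/bin/sh
# Added example. Flags sshd listeners that a routable IPv6 address can reach.
# On a live Pi:  ssh_v6_exposure "$(ip -6 -o addr show scope global)" "$(ss -tln)"
# A host or router IPv6 firewall may still block the port; this only shows
# that NAT is not what is protecting it.

# Print routable addresses from `ip -6 -o addr` output. Unique-local addresses
# (fc00::/7) count as "scope global" to the kernel but are not internet-routed.
routable_v6() {
    awk '$3 == "inet6" && /scope global/ {
        sub(/\/.*/, "", $4)
        if (tolower($4) !~ /^f[cd][0-9a-f][0-9a-f]:/) print $4
    }'
}

# Exit 0 if `ss -tln` output has a listener on port $1 that accepts IPv6:
# a wildcard bind ([::], :: or * for dual-stack sockets) or a specific
# bracketed address other than loopback and link-local.
v6_listener() {
    awk -v p="$1" '$1 == "LISTEN" {
        n = split($4, parts, ":"); port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        v6 = (substr(addr, 1, 1) == "[" && addr != "[::1]" &&
              tolower(substr(addr, 2, 5)) != "fe80:")
        if (port == p && (addr == "::" || addr == "*" || v6)) found = 1
    }
    END { exit !found }'
}

# $1 = ip output, $2 = ss output, $3 = SSH port (default 22)
ssh_v6_exposure() {
    addrs=$(printf '%s\n' "$1" | routable_v6)
    if [ -n "$addrs" ] && printf '%s\n' "$2" | v6_listener "${3:-22}"; then
        echo "LISTENING: $(printf '%s' "$addrs" | tr '\n' ',')"
    else
        echo "no IPv6 SSH exposure found"
    fi
}

# Constructed sample output (2001:db8::/32 is the documentation prefix).
SAMPLE_IP='1: lo    inet6 ::1/128 scope host \       valid_lft forever
2: eth0    inet6 2001:db8:1:2:ba27:ebff:fe12:3456/64 scope global dynamic
2: eth0    inet6 fd00:1234:5678:1::10/64 scope global
2: eth0    inet6 fe80::ba27:ebff:fe12:3456/64 scope link'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

ssh_v6_exposure "$SAMPLE_IP" "$SAMPLE_SS"
```

If the script reports a listener, either bind sshd to IPv4 only, filter the port in the IPv6 firewall, or at the very least make sure no account still has a default password.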

Unfortunately, as cryptocurrency rises in value and becomes more legitimate, it brings with it both positive, tangible benefits for society, and sadly, criminal fringe elements. I'd argue that the dollar is still the most widely used currency for criminal transactions, but there's more to it than that for certain. Maybe that's a topic for a future editorial? I don't know.

For now, just remember to always be vigilant in system security, as malware is sure to explode more than ever now that people have realized that they can make a profit on your misery.

Source: BleepingComputer

9 Comments on Linux Raspberry Pi Devices Being Infected by Cryptocoin "Mining Malware"

#1
R-T-B
Speaking as an experienced miner from ages past, they are almost certainly not mining bitcoin directly. They are mining one of the many CPU-minable coins around (which aren't really even worth electricity usually, but hey, they aren't paying) then trading them for bitcoin, and selling. This probably makes the perpetrators even harder to track since it crosses multiple currency boundaries.
#2
Readlight
On my raspberry3b I get problems with installing updates, error when shutting down, no internet connection, black screen, and my charger blew up.
#3
silentbogo
And that's when I thought I've heard everything... Crypto-infected raspberry pi :laugh:
You'd think it will be some kind of botnet for DDoS attacks, or scamming AdWords... but cryptomining?!
I'm wondering how many devices do you need to make any profit? 1K? 10K?
#4
R-T-B
silentbogo said:
> I'm wondering how many devices do you need to make any profit? 1K? 10K?

Not a whole lot when your cost is 0.

Meaningful profit is another story. It must be fairly widespread to even get anywhere. I'd picture knowing CPU-mining values, 100 devices would probably pull in a buck or so a day minimum. So we can bet it's at least that.
#5
blobster21
Readlight said:
> On my raspberry3b I get problems with installing updates, error when shutting down, no internet connection, black screen, and my charger blew up.

Where did you buy it? Are you sure it's not a cheap copy?
#6
Readlight
blobster21 said:
> Where did you buy it? Are you sure it's not a cheap copy?

It's original, all 10 euro chargers are shit and micro USB cables, only PlayStation has a good one.
#7
GreiverBlade
oh well, i am happy i got an Asus Tinkerboard instead, when i got rid of my RPi2 and 3 a while ago ...

the community is smaller than the RPi, the SOC is a less liked one (not liked by KODI/OSMC/LibreElec specifically) ... but hey ... got Android 6.0 and TinkerOS got some sweet updates recently ...

let's hope it does not come to the Tinkerboard (well as it is quite more powerful than a Pi3 ... that may tempt the malware author .... or not ... thanks to the smaller community :laugh: )

Readlight said:
> It's original, all 10 euro chargers are shit and micro USB cables, only PlayStation has a good one.

i had the official Strontronic RPi charger (tho technically not a charger ... there is nothing to charge on a RPi unless you have a battery on it) and it was not "shit"... although mine did cost more 19€ than 10€ also 5V 2.5A is a minima for the RPi3 i hope your 10€ charger was not under these values, nor did i have any issues you had on my own Pi3
on the other hand when i purchased 2 fake RPi3 on Gearbest and Aliexpress for testing purpose (real fake, faked from PCB to the Box, not BananaPi or OrangePi as these are not bad at all) i got some error on updates using Raspbian, heck even OSMC or Libreelec refused to install on it ... :D (though the SOC was still a Broadcom2837)
#8
lexluthermiester
R-T-B said:
> If you have your Raspberry Pi setup and have never changed the default password on the standard "pi" user, it's probably time to do so.

Such is a good rule of thumb anyway. With RPi based distros people are not generally using them as a primary computing platform with all their personal info on them, so a simple password other than the default would be enough.

R-T-B said:
> You might think you are safe behind a firewall, but with the rise of IPv6 on many ISPs and the fact that many older firewalls are not IPv6 ready, you may be surprised to find your SSH port is in fact exposed on the internet whether you know it or not via a global IPv6 address, NAT isn't a guarantee anymore, folks.

This is less of a problem than it seems. A simple solution is to turn off IPv6 altogether at the OS and Router levels. ALL ISPs have IPv4 tunneling and will continue to do so for at least the next decade as IPv4 is still very useful and prevalent in the world. IPv6 for the Internet is needed, but not in homes or small businesses.
#9
R-T-B
lexluthermiester said:
> This is less of a problem than it seems. A simple solution is to turn off IPv6 altogether at the OS and Router levels. ALL ISPs have IPv4 tunneling and will continue to do so for at least the next decade as IPv4 is still very useful and prevalent in the world. IPv6 for the Internet is needed, but not in homes or small businesses.

It's not a huge problem, only a possibility I sought to point out.