Linux malware installs cryptocurrency mining software on Raspberry Pis


Originally published at:

Researchers from Russian antivirus vendor Dr. Web have found a new type of Linux malware that infects Raspberry Pi computers. The malware is called Linux.MulDrop.14, and it has been actively distributed since May this year.


Figure this would happen sooner or later…


Wow. Computer worms on ssh-enabled Raspberry Pies… an ironic combination of old-school malware on new-school devices.

A word of caution for anyone who uses ssh… don’t use a pre-set password for any user accounts, especially admin/root accounts. Make sure every device that runs ssh has a unique password. In fact, it might be good to use unique passwords even if you don’t use ssh.

Also, if your password has been changed, you could use another machine to change it again. On my OrangePi, I have an unstable build of Raspbian installed. I have never been able to figure out the root password (it must be listed somewhere on, but I could never find it), so I hopped on my Ubuntu laptop, and made a backup copy of the /etc/shadow on said laptop. I then used the passwd command to change the root password to something unique. With that done, I used a text editor (running as the root user) to copy the encrypted password for user root onto the OrangePi’s memory card (assuming the memory card is mounted at /mnt, you can copy the line that starts with root from /etc/shadow to /mnt/etc/shadow). That said, I don’t have a RaspberryPi to test this on, but it should work.
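
The procedure from the last post as a shell function, added here as an example and not part of the thread: it replaces one account's line in the card's shadow file with the line from a source shadow file, keeping a backup of the card's file and refusing locked or empty hashes. The function names and the demo files are assumptions; the demo runs on constructed files, and on a real card the arguments would be /etc/shadow and /mnt/etc/shadow, run as root.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# Print the shadow line for user $2 from file $1 (exact match on field 1).
shadow_entry() {
    awk -F: -v u="$2" '$1 == u { print; exit }' "$1"
}

# Replace user $3's line (default: root) in file $2 with that user's line from file $1.
copy_shadow_entry() {
    src=$1 dst=$2 user=${3:-root}
    new=$(shadow_entry "$src" "$user")
    [ -n "$new" ] || { echo "no $user entry in $src" >&2; return 1; }
    # Field 2 is the password hash; empty, "!" or "*" means no usable password.
    pw=$(printf '%s\n' "$new" | cut -d: -f2)
    case $pw in
        ''|'!'*|'*'*) echo "$user has no usable hash in $src" >&2; return 1 ;;
    esac
    [ -n "$(shadow_entry "$dst" "$user")" ] ||
        { echo "no $user entry in $dst" >&2; return 1; }
    cp -p "$dst" "$dst.bak" || return 1     # backup of the card's file
    tmp=$(mktemp "$dst.XXXXXX") || return 1 # mktemp creates it mode 0600
    # Pass the line through the environment so awk does not interpret it.
    NEW=$new awk -F: -v u="$user" \
        '$1 == u { print ENVIRON["NEW"]; next } { print }' "$dst" > "$tmp" ||
        { rm -f "$tmp"; return 1; }
    # Overwrite in place so the target keeps its owner and permissions.
    cat "$tmp" > "$dst" && rm -f "$tmp"
}

# Demo on constructed files (placeholder hashes); /etc and /mnt are not touched.
demo=$(mktemp -d)
printf '%s\n' 'root:$6$constructed$LAPTOPHASH:17300:0:99999:7:::' \
    > "$demo/laptop_shadow"
printf '%s\n' 'root:$6$constructed$UNKNOWN:17000:0:99999:7:::' \
    'pi:$6$constructed$PIHASH:17000:0:99999:7:::' > "$demo/card_shadow"
copy_shadow_entry "$demo/laptop_shadow" "$demo/card_shadow" &&
    cat "$demo/card_shadow"
rm -rf "$demo"
```

The copied line only lets you log in if the system on the card supports the hash scheme used in the source line (the prefix in field 2, `$6$` in the constructed sample).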