HotHardware.com is reporting that there's a Linux malware in the wild that takes over Raspberry Pi devices and uses them to mine for cryptocurrency...
Linux.MulDrop.14 [scans] for RPis with an open (and default) SSH port, the "pi" user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself... to make digital money for someone else, namely the author of the malware, using your Raspberry Pi.
The article focuses on how much your power bill will go up in the course of making money for someone else due to the 100%-CPU-usage nature of mining software.
The existence of such a malware raises the question: Are there enough Raspberry Pi devices connected to the network, but not really monitored, such that there are enough to mine a single unit of cryptocurrency? ARM dev boards are not known for processing power, and the RPIs are no exception.
On the subject of default root passwords for devices intended to be connected to the Internet, must this be the case with the RPI, or could they take the route of having an actually installable GNU/Linux instead of an image of an already installed system with insecure passwords?
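A defender-side check for the conditions the quoted report describes (SSH password logins open to the "pi" account, and ZMap plus sshpass both installed), as an added example that is not part of the original story or of the HotHardware article. The function names and sample inputs are constructed for illustration; the parser reads only the global part of a single sshd_config and does not follow Include files or Match blocks.

```python
# Added example. Sample inputs are constructed, not taken from a real device.
SAMPLE_SSHD = "#PasswordAuthentication yes\nPermitRootLogin without-password\n"
SAMPLE_SHADOW = "root:*:17000:0:99999:7:::\npi:$6$CONSTRUCTED$nothash:17000:0:99999:7:::\n"
SAMPLE_DPKG = (
    "Package: zmap\nStatus: install ok installed\n\n"
    "Package: sshpass\nStatus: install ok installed\n\n"
    "Package: nmap\nStatus: deinstall ok config-files\n"
)

def sshd_global_settings(config_text):
    """Global sshd_config keywords; sshd keeps the first value it reads."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()                       # keywords are case-insensitive
        if key == "match":                           # conditional blocks: out of scope
            break
        settings.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    return settings

def password_login_possible(shadow_text, user):
    """True if the user's shadow entry holds an unlocked password hash."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1 and fields[0] == user:
            return bool(fields[1]) and fields[1][0] not in "!*"
    return False

def installed_packages(dpkg_status_text):
    """Package names whose dpkg status stanza ends in 'installed'."""
    names = set()
    for stanza in dpkg_status_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Status", "").split()[-1:] == ["installed"]:
            names.add(fields.get("Package"))
    return names

def audit(sshd_config, shadow, dpkg_status):
    findings = []
    # OpenSSH defaults to PasswordAuthentication yes when the keyword is absent.
    pw_auth = sshd_global_settings(sshd_config).get("passwordauthentication", "yes")
    if pw_auth == "yes" and password_login_possible(shadow, "pi"):
        findings.append("pi account accepts SSH password logins")
    # A signal worth investigating, not proof: both tools have legitimate uses.
    if {"zmap", "sshpass"} <= installed_packages(dpkg_status):
        findings.append("zmap and sshpass are both installed")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_SSHD, SAMPLE_SHADOW, SAMPLE_DPKG))
```

On a real device the three inputs would come from `/etc/ssh/sshd_config`, `/etc/shadow` and `/var/lib/dpkg/status`, read as root.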
(Score: 2) by frojack on Monday June 12 2017, @03:58AM
I can't imagine writing any malware trying to take over a Pi. Even if you hack half a million of them, you still don't have any crypto powerhouse at your disposal. They would all melt down if you put them to that much work. They need heat sinks [broadviewtech.com] for that kind of work.
That said, I'm posting this from a Pi 3 Model B, which makes a passable web browser, email reader, chat platform. It's behind a router on cat5, and since it has wifi built in it is also serving as my backup wifi gateway in my office. Runs Chrome and Claws.
No, you are mistaken. I've always had this sig.