A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.
According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.
Experts say the initial infection takes place when Raspberry Pi operators leave their devices' SSH ports open to external connections.
Once a Raspberry Pi device is infected, the malware changes the password for the "pi" account to:
$6$U1Nu9qCp$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1
Full Article.
