Linux Malware Infects Raspberry Pi Devices Making Them CryptoCurrency Mining Zombies
If you're a Raspberry Pi user who's never changed the default password of the "pi" user, then heed this warning: change it. A brand new piece of malware has hit the web, called "Linux.MulDrop.14", and it preys on those who haven't secured their devices properly.
Linux.MulDrop.14 looks to be a simple piece of malware, but what it does wouldn't be acceptable by any RPi owner. After scanning for RPis with an open (and default) SSH port, the "pi" user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself.
The ultimate goal of Linux.MulDrop.14 is to make digital money for someone else, namely the author or the malware, using your Raspberry Pi. Because of the heavy workload nature of mining cryptocurrency, it essentially means that your RPi would be run at peak load 100% of the time, which equates to peak wattage. That of course amounts to added power consumption in your household, and thus a higher electric bill, not to mention degraded performance in whatever the primary task of your RPi originally was.
The real kicker is the fact that because your hardware running at peak load by someone else's doing means that you're paying money so that someone else can fill their digital wallet, adding insult to injury.
When malware like this rises to the surface, a common thought is that "hopefully the bug will be patched soon", but in this case, there's no real bug - it's just a matter of a password being left at its default. That said, there could be some initial warning after setting up an RPi to change that password, because not changing it, and having SSH open on a default port, means people are leaving web servers open for attack without even realizing it. And that perfectly explains why cryptocurrency-related malware is becoming so prevalent - it directly feeds someone's wallet, and for little effort, once it lands on a target device.