
New Linux Trojans installs crypto currency mining software on Raspberry Pi

by Hilbert Hagedoorn on: 06/09/2017 07:41 AM | source: | 18 comment(s)

Researchers from Russian antivirus vendor Dr. Web have found a new type of Linux malware that infects Raspberry Pi computers. The malware is called Linux.MulDrop.14 and has been actively distributed since May this year.

The malware scans for Raspberry Pi devices that are accessible through SSH port 22. When it has found a victim, it tries to log in using the default username and password.

Doctor Web security researchers have examined two malicious programs for Linux. One of them installs a cryptocurrency-mining application on the devices it infects, and the other runs a proxy server. The first of the two was added to the Dr.Web virus databases under the name Linux.MulDrop.14. This malicious program attacks only Raspberry Pi minicomputers. Criminals started distributing Linux.MulDrop.14 in the second half of May.

The Trojan is a script that contains a compressed and encrypted application designed to mine cryptocurrency. Linux.MulDrop.14 changes the password on the devices it infects, unpacks and launches a miner, and then, in an infinite loop, starts searching for network nodes with an open port 22. After establishing a connection with them via the SSH protocol, the Trojan attempts to run a copy of itself on them.

The other Trojan was named Linux.ProxyM. Attacks involving this Trojan have been noted since February 2017 but peaked in late May. The below chart shows how many Linux.ProxyM attacks Doctor Web specialists have pinpointed:

[Chart: Linux.ProxyM attacks, source Dr.Web]

A significant portion of the attacked IP addresses is located in Russia. In second place is China, and in third place, Taiwan.

ProxyM attacks have been launched:

[Chart: source Dr.Web]

The Trojan uses a special range of methods to detect honeypots (special decoy servers used by digital security specialists to examine malicious software). Once launched, it connects to its command and control server and, after getting confirmation from it, runs a SOCKS proxy server on the infected device. Cybercriminals can use this Trojan to ensure that they remain anonymous online.

Both of these Trojans are successfully detected and removed by Dr.Web products for Linux, and, therefore, they pose no threat to our users.

  • More about Linux.MulDrop.14
  • More about Linux.ProxyM
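
The sequence described for Linux.MulDrop.14 (an SSH password login on the default account, followed by a password change) can be looked for in a Pi's auth.log. The sketch below is an added example, not code from Dr.Web or this article; the log lines are constructed, and it assumes the password change shows up as a pam_unix "password changed" entry, so a change made another way would need a different pattern.

```python
import re
from datetime import datetime, timedelta

# Constructed sample auth.log lines (not taken from a real incident).
SAMPLE_LOG = """\
Jun  9 07:40:01 raspberrypi sshd[812]: Failed password for root from 198.51.100.7 port 40112 ssh2
Jun  9 07:41:12 raspberrypi sshd[820]: Accepted password for pi from 203.0.113.5 port 51234 ssh2
Jun  9 07:41:15 raspberrypi passwd[831]: pam_unix(passwd:chauthtok): password changed for pi
Jun  9 09:02:44 raspberrypi sshd[901]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jun  9 11:30:00 raspberrypi sshd[955]: Accepted password for pi from 192.0.2.10 port 50100 ssh2
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ (\w+)\[\d+\]: (.*)$")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port \d+")
CHANGED = re.compile(r"password changed for (\S+)")  # assumed pam_unix wording


def find_suspicious(log_text, default_users=("pi",),
                    window=timedelta(minutes=5), year=2017):
    """Return (user, source_ip, login_time, change_time) for every password
    change that follows an SSH password login on a default account within
    `window`. Syslog timestamps carry no year, so `year` is supplied."""
    findings = []
    logins = {}  # user -> (time, source ip) of the latest password login
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        accepted = ACCEPTED.search(msg)
        changed = CHANGED.search(msg)
        if prog == "sshd" and accepted and accepted.group(1) in default_users:
            logins[accepted.group(1)] = (when, accepted.group(2))
        elif changed and changed.group(1) in logins:
            t0, ip = logins[changed.group(1)]
            if when - t0 <= window:
                findings.append((changed.group(1), ip,
                                 t0.isoformat(), when.isoformat()))
    return findings


if __name__ == "__main__":
    for user, ip, login, change in find_suspicious(SAMPLE_LOG):
        print(f"{user}: password login from {ip} at {login}, "
              f"password changed at {change}")
```

A later password login on the same account with no password change (the 11:30 line in the sample) is not reported; only the login-then-change pair is.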








Raplapla
Member



Posts: 31
Joined: 2016-12-16

#5440684 Posted on: 06/09/2017 01:37 PM
Thanks for the news, it’s interesting to know about Linux viruses (as a Linux user myself). But I don’t think many people who run an internet-accessible ssh server with the default login and password read guru3d ;).

Ghosty
Senior Member



Posts: 6523
Joined: 2003-07-23

#5440686 Posted on: 06/09/2017 01:40 PM
It's nice that they named it Linux. To avoid any confusion.... Default username and password? Does such a thing exist? Interesting read though. Thanks.

scoter man1
Senior Member



Posts: 4858
Joined: 2008-12-09

#5440701 Posted on: 06/09/2017 02:12 PM
It's nice that they named it Linux. To avoid any confusion.... Default username and password? Does such a thing exist? Interesting read though. Thanks.


On the Raspberry Pi, yes. It's always User = rasberry, password = pi.

It's honestly pretty brilliant. Target linux newbies that have no idea of what they are doing.

Extraordinary
Senior Member



Posts: 19562
Joined: 2010-04-21

#5440705 Posted on: 06/09/2017 02:18 PM
On the Raspberry Pi, yes. It's always User = rasberry, password = pi.


Other way around I think, User - pi, Pass - raspberry

RealNC
Senior Member



Posts: 3669
Joined: 2011-11-24

#5440723 Posted on: 06/09/2017 02:40 PM
To avoid any confusion.... Default username and password? Does such a thing exist?

When you buy a router, it has a default user and password for the initial login. You are supposed to change it.

Many people don't. Or they think that just because it runs Linux, they're safe, not realizing that it doesn't matter what OS you run if everyone has the login password...
