New Linux Trojans installs crypto currency mining software on Raspberry Pi
Click here to post a comment for New Linux Trojans installs crypto currency mining software on Raspberry Pi on our message forum
Raplapla
Thanks for the news, itβs interesting to know about Linux viruses (as a Linux user myself). But I donβt think many people who run an internet-accessible ssh server with the default login and password read guru3d π.
Ghosty
It's nice that they named it Linux. To avoid any confusion.... Default username and password? Does such a thing exist? Interesting read though. Thanks.
scoter man1
On the Raspberry Pi, yes. It's always User = rasberry, password = pi.
It's honestly pretty brilliant. Target linux newbies that have no idea of what they are doing.
Extraordinary
Other way around I think, User - pi, Pass - raspberry
RealNC
When you buy a router, it has a default user and password for the initial login. You are supposed to change it.
Many people don't. Or they think that just because it runs Linux, they're safe, not realizing that it doesn't matter what OS you run if everyone has the login password...
rl66
You can't count company with
name: admin and password: admin , 1234, 0000 etc
for critical equipement, it's more easy for both :banana: (message to the IT of those companies π )
Ghosty
I love making my passwd's as hard to remember as possible. Keeps me thinking.
schmidtbag
Normally no, such a thing doesn't exist, but most ARMv7 platforms (and many ARMv8) are an exception since they don't have a traditional way of installing an OS. There's no BIOS, there's not an MBR (in the traditional sense), and there's little to no POST process. As a result, you can't manually tell an ARM platform how and where to boot to, which also means you can't run an installer. What this means is you often need to download pre-built disk images and dd them to something the ARM board was pre-programmed to read from, such as an SD card.
That being said, someone basically has to dictate how the OS is set up, and you're then given a default username and password. Thankfully, many disk images are pretty barebone, where you're pretty much just given a command prompt and the essential Unix-like commands. That's the way I personally prefer my setups to be when doing a fresh new install.
Fender178
Or if you have a modded original Xbox the default User Name and password is both Xbox for FTPing files.
Very interesting that they would target something like this.
Ghosty
Yes it is. Rasberry PI would be the last product you would expect to be targeted by something like a targeted trojon.
schmidtbag
Not at all, Pis are used for all sorts of juicy content that people wouldn't want to give away to just anyone, such as cryptocurrency, webcams, source code, or personal files (many people use Pis as an NAS).
Ghosty
Shows how little I know then. π
Extraordinary
I run a RP3 as a NAS
Ghosty
https://images.duckduckgo.com/iu/?u=http%3A%2F%2Fwww.fondriestbici.cz%2Fwp-content%2F2009%2F12%2FRP3.jpg&f=1
Extraordinary
Yep, that looks exactly like my NAS
PrMinisterGR
An extraordinary NAS.
fredgml7
Ok, It's a Linux malware, but It's not a Linux fault. People should just block the default user and not allow direct root account login.
ender79
Is always a bad ideea to allow direct root login in linux. But is not so hard to change the user and pass for ftp,ssh... etc, even the port for ssh i'm changing from default 22 to what ever I want
