If you are using a Raspberry Pi and did not set up two factor authentication or even worse, never changed the default passwords on the system then there is a very good chance you are mining for someone other than yourself. There is a new piece of malware out there, in addition to the many which already exist, targeting Raspberry Pi machines and recruiting them into a mining group, instead of the usual usage which is to enlist them in a botnet for DDOS attacks. Hack a Day has some additional suggestions, over and above the glaringly obvious recommendation to not keep default passwords; at least in this particular case they are not hard coded into the system.
"According to Russian security site [Dr.Web], there’s a new malware called Linux.MulDrop.14 striking Raspberry Pi computers. In a separate posting, the site examines two different Pi-based trojans including Linux.MulDrop.14. That trojan uses your Pi to mine some form of cryptocurrency. The other trojan sets up a proxy server."
Here is some more Tech News from around the web:
- Ta-ta, security: Bungling Tata devs leaked banks' code on public GitHub repo, says IT bloke @ The Register
- Why Ethereum Is Outpacing Bitcoin @ Slashdot
- WiMax routers from Huawei and ZTE are vulnerable to authentication bypass attacks @ The Inquirer
- Mac ransomware author is giving away malicious code to script kiddies @ The Register
- Biostar, ASRock, Colorful see rising demand for mining motherboards, says paper @ DigiTimes
- Move over, Stuxnet: Industroyer malware linked to Kiev blackouts @ The Register