Raspberry Pi users that have installed Linux on their mini and have never change the default password for the standard Raspberry Pi user, ow is the time to make sure it’s changed.
It seems that a new malware is making its rounds on Raspberry Pi mini PCs in the form of Cryptocoin Mining Malware and is exploiting the simple fact but a number of users apparently have never changed this password during the setup process.
Once Cryptocoin installs itself, it exploits the recent rise in value on cryptocurrency (Bitcoin recently topped $3000 per BTC) to mine cryptocoins for the authors benefit. The Tech Power Up website explains more:
This not only uses almost 100% of your poor Raspberry Pi’s limited CPU, but also makes it part of a “mining botnet” that nets the controller money, adding insult to injury. The malware also makes an anonymous proxy on your box, which needless to say is probably not a good thing.
You might think you are safe behind a firewall, but with the rise of IPv6 on many ISPs and the fact that many older firewalls are not IPv6 ready, you may be surprised to find your SSH port is in fact exposed on the internet whether you know it or not via a global IPv6 address, NAT isn’t a guarantee anymore, folks. It is in fact best to actually have a strong, non-default password on your box, even if it is just a little ARM-core.
Make sure your Raspberry Pi master user password is changed from the default to stop any such activity on your Raspberry Pi project.
Source: BleepingComputer : TPU