A micro target for a macro attack
Monday, April 16, 2018
News about new Trojans for Linux went virtually unnoticed. However, this news contains some very interesting facts. The Trojan doesn't just target Linux—it was specifically designed for Raspberry Pi computers. Cross-platform Trojans for Linux are no longer a rarity: well-crafted, versatile code that doesn't depend on specific hardware features can be compiled for virtually any platform.
Linux.LuaBot can infect devices possessing the following architectures: Intel x86 (and Intel x86_64), MIPS, MIPSEL, PowerPC, ARM, SPARC, SH4, and M68k—in other words, not only computers, but also a wide array of routers, set-top boxes, network storage devices, IP cameras and other “smart” devices.
But for quite some time, malware authors were only interested in popular computers and devices: infecting them is easier because one can expect the software to operate the same way on the same types of devices.
Raspberry Pi is a whole different story. The single-board, ARM-based, bank-card-sized computer was designed for geeks, who use it to build robots.
Linux.MulDrop.14 targets solely Raspberry Pi computers. The Trojan is implemented as a script encasing a compressed rogue-miner application.
Our astute readers have already noticed that because the Trojan is implemented as a script, it doesn't have to rely on a specific environment to be run successfully. Since Raspberry Pi can run all sorts of operating systems, this feature is extremely important.
To infect systems with Linux.MulDrop.14, attackers scan networks for devices that have an open port 22 (utilised for encrypted SSH (Secure Shell) connections). If a host with an open port is found, the attackers attempt to log in using the default login and password (pi/raspberry).
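On the defending side, the login attempts described above leave traces in the sshd authentication log. The following is an added example, not part of the original article: it summarises password attempts against the pi account and flags sources that guessed repeatedly or logged in with a password after failing. The log lines, host name, addresses and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Standard OpenSSH sshd authentication messages as written to auth.log.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log (documentation address ranges, hypothetical host).
SAMPLE_LOG = """\
Apr 16 03:12:01 raspberrypi sshd[1201]: Failed password for pi from 203.0.113.7 port 40022 ssh2
Apr 16 03:12:03 raspberrypi sshd[1201]: Failed password for pi from 203.0.113.7 port 40022 ssh2
Apr 16 03:12:06 raspberrypi sshd[1204]: Failed password for pi from 203.0.113.7 port 40031 ssh2
Apr 16 03:15:40 raspberrypi sshd[1210]: Failed password for root from 198.51.100.9 port 51000 ssh2
Apr 16 03:20:11 raspberrypi sshd[1222]: Failed password for pi from 198.51.100.23 port 38810 ssh2
Apr 16 03:20:14 raspberrypi sshd[1222]: Accepted password for pi from 198.51.100.23 port 38810 ssh2
Apr 16 08:02:55 raspberrypi sshd[1302]: Accepted publickey for pi from 192.168.1.10 port 51234 ssh2
""".splitlines()

def audit_default_account(lines, account="pi", threshold=3):
    """Summarise SSH password activity against one account name."""
    failures = Counter()    # source address -> failed password attempts
    password_logins = []    # (source, line number, failures seen before it)
    for lineno, line in enumerate(lines, 1):
        m = SSHD_AUTH.search(line)
        if not m or m["user"] != account or m["method"] != "password":
            continue        # other accounts and key-based logins are ignored
        if m["result"] == "Failed":
            failures[m["src"]] += 1
        else:
            password_logins.append((m["src"], lineno, failures[m["src"]]))
    # Suspicious: repeated guessing, or a password login preceded by a failure.
    guessing = {src for src, n in failures.items() if n >= threshold}
    after_failure = {src for src, _, prior in password_logins if prior > 0}
    return {
        "failures": dict(failures),
        "password_logins": password_logins,
        "suspicious_sources": sorted(guessing | after_failure),
    }

if __name__ == "__main__":
    for key, value in audit_default_account(SAMPLE_LOG).items():
        print(key, value)
```

Any entry in `password_logins` on a device where the pi password was never changed deserves a closer look, since that account accepts the default credentials.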
#Linux #IoT #Trojan #mining #cryptography #security
The Anti-virus Times recommends
- Read the documentation that accompanies the devices you are using. Embedded systems have become so inexpensive that hardware manufacturers incorporate them into all sorts of devices.
I have an Arduino 3D printer at home. I plugged it in over USB, and it works just fine. However, when I finally took my time to read the manual, it turned out that it could be communicated with via the network, and that was definitely a surprise to me.
A user's comment
- Keeping default passwords is a recipe for disaster. Set a strong, new password for any device you purchase (or create).
- Linux.MulDrop.14 once again shows beyond a doubt that no platform is infection-proof and able to escape the attention of attackers.
Cybercriminals are interested in unprotected devices. And here Raspberry Pi is the undisputed leader—security is probably the last thing on the minds of those who use it. Also note that the Trojan's objective is to deploy mining code. Although Raspberry Pi hardware is not particularly powerful, attackers will go after these crumbs too.
If your children are interested in robotics, bear in mind that threat actors are already on the prowl in the digital world. Such is the world we live in.