Linux Malware Mines for Cryptocurrency Using Raspberry Pi Devices

A Linux trojan detected under the generic name of Linux.MulDrop.14 is infecting Raspberry Pi devices with the purpose of mining cryptocurrency.

According to Russian antivirus maker Dr.Web, the malware was first spotted online in the second half of May in the form of a script that contains a compressed and encrypted application.

Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.

Once a Raspberry Pi device is infected, the malware changes the password for the “pi” account to:

\$6\$U1Nu9qCp\$FhPuo8s5PsQlH6lwUdTwFcAUPNzmr0pWCdNJj.p6l4Mzi8S867YLmc7BspmEH95POvxPQ3PzP029yT1L3yi6K1

Read the full article here

Advertisements

New Attack Method Delivers Malware Via Mouse Hover

Mouseover’ technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.

Researchers have found a new form of attack that abuses the action of hovering over hyperlinked text and images in a Microsoft PowerPoint presentation.

Trend Micro researchers discovered the “mouseover” technique, used by a Trojan downloader also found in a spam campaign hitting EMEA businesses in the manufacturing, education, pyrotechnics, logistics, and device fabrication industries. The downloader they analyzed delivers a version of the OTLARD banking Trojan, also known as GootKit.

“This is the first occurrence of malware using the ‘hover’ method to initiate a download that we know of,” says Mark Nunnikhoven, Trend Micro’s VP of cloud security.

“While GootKit is known malware, businesses should be more concerned about this latest technique as it shows none of the usual indicators of an infected document,” he explains. This is novel because it abuses the previously safe user practice of hovering over a link before clicking.
Continue reading New Attack Method Delivers Malware Via Mouse Hover