Malware for Raspberry Pi can invade user’s network and infect connected devices

The Raspberry Pi may seem completely secure, but like any device connected to the Internet, the miniature computer is vulnerable to attacks that might threaten users’ sensitive data. Last week, a cybersecurity expert detailed new malware that affects these small devices.

John Hammond posted a video on his YouTube channel that explores the characteristics of an ancient trojan horse (“Trojan horse”, in literal translation) that can infect Raspeberry Pi models. It is a virus that tricks users into silently infiltrating systems and automatically propagating to other devices on the network.

O trojan in question has been known for years, but recently, a user expressed his suspicions that this malware was also exploiting his Raspberry Pi.

According to him, during typical use, the computer was connected to an SSH session — which allows secure communication between two devices over untrusted networks such as the Internet — for regarding thirty minutes when the session unexpectedly failed.

The incident repeated itself several times, and whenever the user tried to change the Raspberry Pi’s default username and password, the credentials were reset once the device was restarted.

After a reverse engineering investigation, Hammond discovered that this malware is a Remote Access Trojan (RAT) that can propagate to other devices through the user’s local network. The expert found references to this virus that date back to the year 2017.

Although it is a threat that has been actively exploited for years, it is important to point out that minicomputers can be vulnerable due to the default username and password that, sometimes, can remain unchanged even during the elaboration of a project, which facilitates the invasion of the operating system. of the Raspberry Pi.

The recommendation to avoid damage with the malware in question is to maintain the habit of changing the Raspberry Pi username and password — even during offline use.