MulDrop

MulDrop is a Linux trojan, first identified in late May 2017, that targets Raspberry Pi devices in order to mine cryptocurrency. When a Raspberry Pi user leaves SSH port 22 of the device open to external connections, the trojan can infect the device and change its password. MulDrop shuts down processes, installs libraries, including ZMap and sshpass, and begins the process of mining cryptocurrency. It uses ZMap to scan the internet for other devices with port 22 open and, once one is found, attempts to log in using sshpass with the username "pi" and the password "raspberry", looking for other Raspberry Pi single-board devices it can infect.
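The behaviour described above leaves a recognisable trace in a device's SSH authentication log: a password login as "pi" from an outside address, followed by a password change. The following detection sketch is an added example, not taken from any analysis of the trojan; the log lines are constructed samples in the usual OpenSSH and PAM syslog layout, and the function names and the assumption that the password change is logged by passwd are illustrative.

```python
import ipaddress
import re

# Constructed sample lines (not from a real host); addresses are documentation ranges.
SAMPLE_LOG = """\
Jun  1 03:12:07 raspberrypi sshd[811]: Failed password for root from 198.51.100.23 port 40112 ssh2
Jun  1 03:12:09 raspberrypi sshd[813]: Accepted password for pi from 198.51.100.23 port 40120 ssh2
Jun  1 03:12:11 raspberrypi passwd[840]: pam_unix(passwd:chauthtok): password changed for pi
Jun  1 08:30:44 raspberrypi sshd[902]: Accepted password for pi from 192.168.1.20 port 51544 ssh2
Jun  1 09:02:13 raspberrypi sshd[955]: Accepted publickey for pi from 203.0.113.9 port 50022 ssh2
"""

ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")
PW_CHANGED = re.compile(r"password changed for (\S+)")
# Loopback and RFC 1918 ranges are treated as the local network.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(addr):
    """True if addr is outside the local ranges; unparseable sources count as external."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # sshd logged a hostname instead of an address
        return True
    return not any(ip in net for net in INTERNAL)

def find_suspect_logins(log_text, user="pi"):
    """Return external password logins for `user`, noting a password change that follows."""
    findings = []
    last = None  # most recent login for `user`, if it was a suspect one
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = ACCEPTED.search(line)
        if m:
            method, login_user, src = m.groups()
            if login_user == user:
                last = None
                if method == "password" and is_external(src):
                    last = {"line": line_no, "source": src, "password_changed": False}
                    findings.append(last)
            continue
        m = PW_CHANGED.search(line)
        if m and m.group(1) == user and last is not None:
            last["password_changed"] = True
    return findings

if __name__ == "__main__":
    for finding in find_suspect_logins(SAMPLE_LOG):
        print(finding)
```

Key-based logins and logins from the local network are ignored, so a finding with password_changed set is the pattern worth investigating first.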

Technical Details

  • Dr. Web provides a technical analysis of Linux MulDrop.