Linux.MulDrop.14 looks to be a simple piece of malware, but what it does wouldn’t be acceptable by any RPi owner. After scanning for RPis with an open (and default) SSH port, the “pi” user is logged into (if the password is left default), and the password is subsequently changed. After that, the malware installs ZMap and sshpass software, and then it configures itself.
The real kicker is the fact that because your hardware running at peak load by someone else’s doing means that you’re paying money so that someone else can fill their digital wallet, adding insult to injury.
When malware like this rises to the surface, a common thought is that “hopefully the bug will be patched soon”, but in this case, there’s no real bug – it’s just a matter of a password being left at its default.
