Linux worm turns Raspberry Pis into cryptocurrency mining bots

Originally published at:

Worth mentioning I think that Raspberry Pis now come with ssh disabled by default, they warn you when you switch it on and annoy you continually until you change the root password. They could maybe still do better, though.

I bet not counting libraries this worm isn’t even a hundred lines of code.


This feels more like a proof of concept than anything practical. The Raspberry Pi is a fine machine, but it’s not exactly a speed demon. Bitcoin miners now largely use custom hardware to try to keep pace with the ever-increasing cost of mining blocks. The page about non-specialized hardware doesn’t even list the Broadcom GPU installed in current Pis, but I’d be willing to be that it’s significantly slower than anything shown on that page. My gut feeling is that even if you recruit tens of thousands of Pis, you will probably be waiting a long time for your Bitcows to come home.


I would also have to wonder just how many Pis are placed on the open internet. In most cases, someone would have to take specific steps to make their Pi’s SSH port generally available.

And if the user hasn’t obeyed the warnings to change the password, they’re unlikely to have created a separate user account on the Pi… so immediately changing the password on the account most likely to be actively used seems like a rookie move, too.

(I’ll admit, I have a Pi that I haven’t changed the pass on… but it’s also on a NATted and firewalled network, so someone would have to jump through other hoops before they reached that target)

1 Like

It’s like the kid who sells lemonade for $1,000,000 a cup: they might not make many sales, but all it takes is just one.


Experts say the initial infection takes place when Raspberry Pi operators leave their devices’ SSH ports open to external connections.

Well… yeah, that’s technically true, “experts”, but the actual issue is that people don’t change the default password! Implying that leaving ssh enabled is the “bad thing” that users did to cause the initial infection is like saying that the device needed to be powered on. While true, not especially helpful.


I find myself wondering, what if that headline was not about electronics?


Sociopathic primates still con billions of others into participating in gamed economy in order to “win” obscure instinctive ritual


Don’t keep default passwords.
Don’t leave ports open if you don’t have to.
Put machines behind a router and only forward what you need to.
Guard that router.

Good advice for any computers, thermostats, cams or fridges.




It’s not mining Bitcoins. Big splash in a small new pond? Or perhaps it’s a better computational match?

Doctor Web’s virus analysts said the Raspberry Pi malware mines Monero, a lesser-known, but increasingly popular cryptocurrency for dark-web drug markets.


So these Pis got hacked to mine some second rate crytocurrency? Pffft.


Possibly inspired by the antics of Wiggins in the Sprawl trilogy?

Another protection is to run one of the many OSes available for the Pi, like LibreElec, that have different default credentials.

Maybe somebody got a pile of pis they wanted to try mining with just for fun, and wrote themself a quick script so they could plug in the rest and not have to manually configure them all.

So much for their secure password.

1 Like

The whole point might be to get “monero” in the news to pump the price?


I figured it was dogecoin…

1 Like

If you don’t have a spare screen or don’t want to use the GUI at all, you can save an empty text file called ssh at the root level after you burn the flash card and that allows you to ssh in with the default password.

That had me stumped for a little while when I was trying to set one up in headless mode as a pi-hole on our home network. I was used to just using the default login (and then changing it) and then I couldn’t …

Learn from my mistake. :slight_smile:


“Crypto currency”(aside from it’s other entertaining characteristics) I’d like forex on speed. More or less anyone can start their own with close to zero effort(more work to do a slightly novel one, practically drag and drop to spin a variant of an existing one) and enjoy the vastly easier early stage mining; but that only helps if the can convince anyone else to care, at which point increased interest causes mining difficulty to spike; sometimes to the point where even being free-as-in-stolen doesn’t make it cost effective.

Fun to watch, doesn’t really inspired one to wade in.


It’s sort of a pity that the rPi is dangling between ‘geek toy’ and ‘supposed to be capable of a programming intro in a box’.

Not that it can’t be both (and is, at least to some extent); but the former use case would be much better served by more attention to the administrative opportunities created by the fact that the boot volume starts life mounted on a host machine of some sort; and can be modified there; while the latter mostly demands being easy to set up with an interactive console.

Because it’s Linux, no particularly special support is required to allow tinkering with the FS on a different system; but it doesn’t get mentioned in the documentation as often as it might, despite offering various handy options.