Analyzing a malicious Raspberry Pi Bash script

Poison Dwarf

© Lead Image © Nelli Valova, 123RF.com

© Lead Image © Nelli Valova, 123RF.com

Article from Issue 224/2019
Author(s):

Analyze malware on hacked Raspberry Pis and create a signature to detect malware in log entries.

Raspberry Pis are being used more often by universities and scientific institutions, as well as for business computing. The small computers are often configured openly for easier usability, which means Rasp Pi users often execute every command with sudo without knowing the root password.

By default, the root has no password, but even if one were set, it does not have to be entered with sudo; therefore, the only difference between root and the pi user is that pi has to type sudo. In a learning environment for which the Raspberry Pi was designed, this is acceptable. In production use – especially when the computer can be accessed from the Internet – it is downright dangerous.

If you operate the Raspberry Pi without a monitor or keyboard (headless), you absolutely need SSH access. Although normally disabled, it is very easy to activate. If you do not change the default password of the pi user, then the computer is freely accessible over SSH. If it also turns out that the Raspberry Pi can be accessed through a firewall configuration that is too liberal or by way of port forwarding on the DSL router with an official IP address using port 22, you can expect someone to hack this computer. I had the opportunity to examine two such compromised Raspberry Pis.

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Trojan Turns Raspberry Pi into a Cryptocurrency Mining Device

    Two trojans in the wild are targeting Linux machines.

    more »
  • Workspace: Pi-Based Backup

    With some creativity and a little scripting, you can easily turn your Raspberry Pi into an effective backup device.

    more »
  • Nmap Scripting

    Nmap is rolling out a new scripting engine to automatically investigate vulnerabilities that turn up in a security scan. We’ll show you how to protect your network with Nmap and NSE.

    more »
  • One-Time Passwords

    A one-time password won't compromise security if it falls in the wrong hands. OPIE and OTPW bring the safety of one-time password security to Linux.

    more »
  • detLFS

    The detLFS project provides an ideal foundation for compiling Linux from source code, either to experience the fundamentals of how Linux works or to prepare an operating system for a project with very specific requirements.

    more »
comments powered by Disqus