Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Raspberry Pi Gets Offer to Pre-Install Malware

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

The Raspberry Pi was developed as a simple computer that offers multiple basic functions but which can be used as part of various projects, courtesy of its increased flexibility. The device comes at a very low cost and has already seen significant traction, with over 4 million devices sold worldwide.

As it turns out, the increasing popularity of Raspberry Pi has attracted attention from malware distributors as well. According to a tweet posted by the Raspberry Pi Foundation last week, at least one distributor is looking into benefiting from the increasing popularity of these devices through having its software pre-installed on them.

The aforementioned tweet includes a screenshot of an email that Liz Upton, the Foundation’s director of communications, received from a so called “business officer” going by the name of Linda, who was offering money so that the Foundation would pre-install their malware on devices before shipping them to users. The software was offered in the form of an “.exe” file, and the distributor was offering “price per install.”

The aforementioned email revealed that the “.exe” file would create a desktop shortcut that allowed users to automatically log to the distributor’s website once they clicked on it. “Then this is our target,” the email continued. What’s more, Upton was asked to offer her “favorable and kind quotation about PPI (price per install).” 

Advertisement. Scroll to continue reading.

Most liklely, Linda was looking to have the offending file loaded and installed on Raspberry Pi 2 Model B devices, which can run Windows 10, hence the “exe” extension of the file. These devices are powered by a 900MHz quad-core ARM Cortex-A7 processor and support the full range of ARM GNU/Linux distributions as well, including Snappy Ubuntu Core.

While the Raspberry Pi 2 Model B, which replaced the original Raspberry Pi 1 Model B+ in February 2015, came at a $35 price, the Foundation launched their cheapest model last month, in the form of Raspberry Pi Zero, priced at only $5. Offering better performance than the first Raspberry Pi models, the two devices are expected to attract even more users to the project, which explains why bad actors are looking to profit from it as well.

The Raspberry Pi Foundation did not reveal the name of the organization that approached them, but called them “evildoers.” Some of the people commenting on the Foundation’s tweet, however, suggested that the website the email was referring to might be jogotempo[dot]com.

One thing that is certain, however, is the fact that the organization is not interested in the offer.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.