Security Experts:

Raspberry Pi Gets Offer to Pre-Install Malware

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

The Raspberry Pi was developed as a simple computer that offers multiple basic functions but which can be used as part of various projects, courtesy of its increased flexibility. The device comes at a very low cost and has already seen significant traction, with over 4 million devices sold worldwide.

As it turns out, the increasing popularity of Raspberry Pi has attracted attention from malware distributors as well. According to a tweet posted by the Raspberry Pi Foundation last week, at least one distributor is looking into benefiting from the increasing popularity of these devices through having its software pre-installed on them.

The aforementioned tweet includes a screenshot of an email that Liz Upton, the Foundation's director of communications, received from a so called “business officer” going by the name of Linda, who was offering money so that the Foundation would pre-install their malware on devices before shipping them to users. The software was offered in the form of an “.exe” file, and the distributor was offering “price per install.”

The aforementioned email revealed that the “.exe” file would create a desktop shortcut that allowed users to automatically log to the distributor’s website once they clicked on it. “Then this is our target,” the email continued. What’s more, Upton was asked to offer her “favorable and kind quotation about PPI (price per install).” 

Most liklely, Linda was looking to have the offending file loaded and installed on Raspberry Pi 2 Model B devices, which can run Windows 10, hence the “exe” extension of the file. These devices are powered by a 900MHz quad-core ARM Cortex-A7 processor and support the full range of ARM GNU/Linux distributions as well, including Snappy Ubuntu Core.

While the Raspberry Pi 2 Model B, which replaced the original Raspberry Pi 1 Model B+ in February 2015, came at a $35 price, the Foundation launched their cheapest model last month, in the form of Raspberry Pi Zero, priced at only $5. Offering better performance than the first Raspberry Pi models, the two devices are expected to attract even more users to the project, which explains why bad actors are looking to profit from it as well.

The Raspberry Pi Foundation did not reveal the name of the organization that approached them, but called them “evildoers.” Some of the people commenting on the Foundation’s tweet, however, suggested that the website the email was referring to might be jogotempo[dot]com.

One thing that is certain, however, is the fact that the organization is not interested in the offer.

view counter