Security Experts:

Connect with us

Hi, what are you looking for?



Raspberry Pi Gets Offer to Pre-Install Malware

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

The Raspberry Pi was developed as a simple computer that offers multiple basic functions but which can be used as part of various projects, courtesy of its increased flexibility. The device comes at a very low cost and has already seen significant traction, with over 4 million devices sold worldwide.

As it turns out, the increasing popularity of Raspberry Pi has attracted attention from malware distributors as well. According to a tweet posted by the Raspberry Pi Foundation last week, at least one distributor is looking into benefiting from the increasing popularity of these devices through having its software pre-installed on them.

The aforementioned tweet includes a screenshot of an email that Liz Upton, the Foundation’s director of communications, received from a so called “business officer” going by the name of Linda, who was offering money so that the Foundation would pre-install their malware on devices before shipping them to users. The software was offered in the form of an “.exe” file, and the distributor was offering “price per install.”

The aforementioned email revealed that the “.exe” file would create a desktop shortcut that allowed users to automatically log to the distributor’s website once they clicked on it. “Then this is our target,” the email continued. What’s more, Upton was asked to offer her “favorable and kind quotation about PPI (price per install).” 

Most liklely, Linda was looking to have the offending file loaded and installed on Raspberry Pi 2 Model B devices, which can run Windows 10, hence the “exe” extension of the file. These devices are powered by a 900MHz quad-core ARM Cortex-A7 processor and support the full range of ARM GNU/Linux distributions as well, including Snappy Ubuntu Core.

While the Raspberry Pi 2 Model B, which replaced the original Raspberry Pi 1 Model B+ in February 2015, came at a $35 price, the Foundation launched their cheapest model last month, in the form of Raspberry Pi Zero, priced at only $5. Offering better performance than the first Raspberry Pi models, the two devices are expected to attract even more users to the project, which explains why bad actors are looking to profit from it as well.

The Raspberry Pi Foundation did not reveal the name of the organization that approached them, but called them “evildoers.” Some of the people commenting on the Foundation’s tweet, however, suggested that the website the email was referring to might be jogotempo[dot]com.

One thing that is certain, however, is the fact that the organization is not interested in the offer.

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.