Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Raspberry Pi Gets Offer to Pre-Install Malware

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

Raspberry Pi Foundation Receives Offer for Pre-Installing Malware

The Raspberry Pi Foundation revealed recently that it was offered money to pre-install malware on its Raspberry Pi devices.

The Raspberry Pi was developed as a simple computer that offers multiple basic functions but which can be used as part of various projects, courtesy of its increased flexibility. The device comes at a very low cost and has already seen significant traction, with over 4 million devices sold worldwide.

As it turns out, the increasing popularity of Raspberry Pi has attracted attention from malware distributors as well. According to a tweet posted by the Raspberry Pi Foundation last week, at least one distributor is looking into benefiting from the increasing popularity of these devices through having its software pre-installed on them.

The aforementioned tweet includes a screenshot of an email that Liz Upton, the Foundation’s director of communications, received from a so called “business officer” going by the name of Linda, who was offering money so that the Foundation would pre-install their malware on devices before shipping them to users. The software was offered in the form of an “.exe” file, and the distributor was offering “price per install.”

The aforementioned email revealed that the “.exe” file would create a desktop shortcut that allowed users to automatically log to the distributor’s website once they clicked on it. “Then this is our target,” the email continued. What’s more, Upton was asked to offer her “favorable and kind quotation about PPI (price per install).” 

Advertisement. Scroll to continue reading.

Most liklely, Linda was looking to have the offending file loaded and installed on Raspberry Pi 2 Model B devices, which can run Windows 10, hence the “exe” extension of the file. These devices are powered by a 900MHz quad-core ARM Cortex-A7 processor and support the full range of ARM GNU/Linux distributions as well, including Snappy Ubuntu Core.

While the Raspberry Pi 2 Model B, which replaced the original Raspberry Pi 1 Model B+ in February 2015, came at a $35 price, the Foundation launched their cheapest model last month, in the form of Raspberry Pi Zero, priced at only $5. Offering better performance than the first Raspberry Pi models, the two devices are expected to attract even more users to the project, which explains why bad actors are looking to profit from it as well.

The Raspberry Pi Foundation did not reveal the name of the organization that approached them, but called them “evildoers.” Some of the people commenting on the Foundation’s tweet, however, suggested that the website the email was referring to might be jogotempo[dot]com.

One thing that is certain, however, is the fact that the organization is not interested in the offer.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

Cloud and container security firm Sysdig has tapped William Welch as CEO on its path to an IPO.

Dave Scher has been promoted to Deputy Chief Information Officer at MITRE.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.