Posted on December 25, 2015 by CELO NET
Somebody Tried to Get a Raspberry Pi Exec to Install Malware on Its Devices
[h2]Somebody Tried to Get a Raspberry Pi Exec to Install Malware on Its Devices[/h2]
Liz Upton, the Director of Communications for the Raspberry Pi Foundation, has tweeted out a screenshot of an email where an unknown person has proposed that the Foundation install malware on all of its devices.
In the email, a person named Linda, is proposing Mrs. Upton an agreement where their company would provide an EXE file that installs a desktop shortcut, that when clicked redirects users to a specific website. (Raspberry Pi devices can run Windows as well, not just Linux variants.)
Linda from company Q[edited] is also inquiring Mrs. Upton about the Foundation’s PPI (Price per Install).
Judging from the lack of proper English used in the email, which is rare for Business Officers, as Linda claims to be, the email is surely from a person not associated with a professional firm.
There are many companies that function as intermediaries between malware distributors and legitimate businesses, either masquerading as advertising agencies or PR firms.
Just two weeks ago, a report from Digital Citizens Alliance and RiskIQ came out and estimated that torrent site operators made $70 million / €63.8 million per year from distributing malware to their visitors, either in the form of malvertising, or infected torrent files.
Companies tied to the open source community don’t fall for these emails
With the Raspberry Pi Foundation boasting about having a userbase of five million strong, malware distributors are certainly salivating at the chance of having their malicious code hidden somewhere in the firmware of one of the hottest gadgets on the market right now.
Raspberry Pi, the low cost, credit-card sized computer that’s been powering the Internet of Things (IoT) market, would allow hackers access to a much safer environment to operate from.
Since there is no security software currently that can run on IoT devices, a malware infection can linger for years, or until someone wipes the firmware, which is extremely rare in production environments.