The Raspberry Pi Foundation made a shocking revelation, someone has offered cash to install a malware into its tiny computers.
Yes, the news is unbelievable, but Liz Upton, the Foundation’s director of communications, disclosed the content of an email from a “business officer” called Linda, who promised a “price per install” for a suspicious executable file.
“Amazing. This person seems to be very sincerely offering us money to install malware on your machines,” said Liz.
The name of the company represented by Linda was not disclosed, anyway the news is disconcerting.
The analysis of the email reveals the presence of numerous imperfections, a circumstance that suggests that the author is not an English-speaking individual.
Amazing. This person seems to be very sincerely offering us money to install malware on your machines. pic.twitter.com/1soL0MIc5Z
— Raspberry Pi (@Raspberry_Pi) 23 Dicembre 2015
The circumstance raises one again the question about the necessity of hardware validation, the possibility that a persistent attacker installs malicious implants and software onto consumer devices is a serious threat.
Someone is willing to pay to distribute malware, sometimes the developer directly inserts unauthorized code in their software, but in the majority of cases the malware is served by a third-party with the intent to compromise end-customer’s devices.
The offer to the Raspberry Pi Foundation is concrete and seems to be authentic, the choice of a tiny computer is strategic for attackers that could compromise an impressive number of users considering that the foundation has sold more than five million Raspberry Pi devices to date.
Obviously the The Raspberry Foundation declined the offer.
(Security Affairs – Raspberry Pi Foundation , malware)