The Raspberry Pi Foundation was offered cash to smuggle malware onto its bargain-basement credit-card-size computers, we’re told.
Liz Upton, the Foundation’s director of communications, today revealed an email from a “business officer” called Linda, who promised a “price per install” for a suspicious executable file. “Amazing. This person seems to be very sincerely offering us money to install malware on your machines,” said Liz.
The name of the company Linda claimed to represent was redacted, so we are unable to check the veracity of the offer. Plus the email, dated Wednesday, does contain a number of odd details – like writing
exe. rather then
.exe, and using “u” in place of “you.” Some of the language also points to someone whose first language is not English.
It’s fair to say Linda’s approach wasn’t exactly professional. However, the offer seems genuine, and it shines a light on the murky world of paid-for malware distribution.
There are countless examples of software nasties being installed on systems via unrelated applications – toolbars and spyware bundled with legit-looking apps, mainly. Sometimes the developer directly plants the dodgy code, but more often than not the malware comes from a third-party willing to pay for access to PCs and devices.
While some malware is relatively benign and easy to remove, others severely compromise computers – allowing them to hold files to ransom, snoop on passwords, hide within operating systems, and so on. Some ad-injecting software nasties even come bundled with new PCs, right, Lenovo?
More than five million Raspberry Pis have been sold to date, which is quite an install base. The Foundation declined Linda’s offer, and described her company as “evildoers.”
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.