Anti-virus vendor Dr. Web has found something nasty: malware named “Linux.MulDrop.14” that turns the Raspberry Pi into a cryptocurrency mining machine.
tl;dr
Change the default username/password on your RaspberryPi.
Story @ The Register
Technical Analysis @ DrWeb
While changing the default password, and even username, is standard practice for many IT professionals, many home users may not realise the need for this. As the RaspberryPi is also marketed as a learning aid for children wanting to get into programming or computers in general, not all parents may be aware of what the child has done with the device.
Make sure you change the default password on any new RaspberryPi device you receive and ensure the person using it understands why this is required.
Sludge