A trojan has been discovered that infects the best-selling Raspberry Pi computer and turns it into a machine for mining cryptocurrency.

The Linux.MulDrop.14 trojan targets Raspberry Pi boards running older versions of the default Raspbian OS, according to Russian security firm Doctor Web.

The trojan is a Bash script that, once run, changes the password on the device, then unpacks and launches a miner for the cryptocurrency Monero. It then begins trying to spread itself to other Pis on the local network, searching for devices with an open port 22 and connecting via SSH.

Those running Pi boards they bought this year or who have updated to latest version of the default Raspbian OS should be protected against the trojan, said Raspberry Pi co-creator Eben Upton.

Raspbian was updated towards the end of last year to switch off SSH by default and to warn users to change the default password, blocking the mechanism the trojan uses to spread itself.

Many Pis running older versions of the OS should also be protected against infection, due to routers blocking incoming connections over the internet. However they would be vulnerable if the script were run on another device on their local network.

More than 14 million Raspberry Pi boards have been sold, making the boards an increasingly tempting target for malware makers. Last month it was reported that almost half of the devices in the, relatively small, Rakos botnet were Raspberry Pi boards.

“We’re riding the curve that everyone rides when you make a popular product,” said Upton.

“As soon as you have more than a few million devices in the field you do become a target.”

He added that anyone with a Pi, dating right back to the original board released in 2012, can update to the latest version of the Raspbian OS to guard against the trojan.

The Raspberry Pi is in some ways a strange choice for a cryptocurrency mining trojan. The relatively low-power processor available on the Raspberry Pi, even in the highest specced Pi 3 Model B, makes it a poor machine for mining cryptocurrency according to those who’ve tried it, especially when compared to the effectiveness of using GPUs or ASICs (Application-Specific Integrated Circuits) tailored to the task.

It could be the attackers are relying on infecting sufficient numbers of Pi boards to achieve a decent return, which is easier for a newer currency such as Monero than for a well-established alternative such as Bitcoin. In the past there have been Bitcoin mining farms that used large number of Pi boards, although in this instance the Pi boards appeared to be managing Bitcoin-mining ASICs, rather than doing the mining themselves.

Read more about the Raspberry Pi