New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

Gitpaste-12 uses GitHub and Pastebin to host its component code and has 12 different attack modules.


Juniper Threat Labs has discovered a new worming botnet that boasts multiple ways of spreading itself and infecting IoT devices and Linux servers. Researchers believe that this hacking campaign may have multiple stages.


The malware is dubbed Gitpaste-12 because it uses GitHub and Pastebin to host its component code and has 12 different attack modules. Of these 12, 11 target known vulnerabilities found in Netlink and Huawei routers and even in Apache Struts and MongoDB.




Gitpaste-12 is targeting cloud computing infrastructure. However, the objective behind this campaign is not yet known. It can also compromise systems through brute-force attacks that try default or common usernames and passwords.

After using one of the 12 vulnerabilities, the malware downloads scripts from Pastebin that supply commands, then downloads a new set of instructions from a GitHub repository. It switches off all security defenses, such as monitoring software or firewalls, to avoid detection.
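
A defender can look for that sequence (a Pastebin fetch, then a GitHub fetch, then a defense being switched off) in per-host command telemetry. The Python below is an added example, not code from Juniper Threat Labs or the original article; the log format, host names, URLs, time window and command patterns are constructed assumptions, not published indicators.

```python
import re
from datetime import datetime, timedelta

# Ordered stages of the chain the article describes. The patterns are
# illustrative assumptions, not indicators published by Juniper Threat Labs.
STAGES = [
    ("pastebin_fetch", re.compile(r"\b(curl|wget)\b.*\bpastebin\.com/", re.I)),
    ("github_fetch", re.compile(
        r"\b(curl|wget|git\s+clone)\b.*\b(raw\.githubusercontent|github)\.com/", re.I)),
    ("defense_disable", re.compile(
        r"\b(ufw\s+disable|iptables\s+-F|setenforce\s+0|"
        r"systemctl\s+(stop|disable)\s+\S*(firewalld|apparmor|auditd))", re.I)),
]
WINDOW = timedelta(minutes=10)  # assumed maximum duration of one chain

# Constructed sample telemetry: "<ISO timestamp> <host> <command line>"
SAMPLE_EVENTS = [
    "2020-10-15T03:12:01 cam07 wget -q https://pastebin.com/raw/EXAMPLE -O /tmp/a",
    "2020-10-15T03:12:20 cam07 curl -s https://raw.githubusercontent.com/example/repo/main/b -o /tmp/b",
    "2020-10-15T03:12:41 cam07 systemctl stop firewalld",
    "2020-10-15T09:00:00 build02 git clone https://github.com/example/tools.git",
    "2020-10-15T09:05:00 build02 ufw disable",
    "2020-10-15T10:00:00 web01 curl -s https://pastebin.com/raw/EXAMPLE",
    "2020-10-15T11:30:00 web01 curl -s https://github.com/example/repo/archive/main.tar.gz",
    "2020-10-15T11:30:05 web01 iptables -F",
]

def parse(line):
    ts, host, cmd = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, cmd

def detect_chains(lines, window=WINDOW):
    """Return {host: [(stage, time), ...]} for hosts that ran every stage in order."""
    progress, alerts = {}, {}
    for ts, host, cmd in sorted(map(parse, lines)):
        if host in alerts:
            continue  # already reported
        seen = progress.setdefault(host, [])
        if seen and ts - seen[0][1] > window:
            seen.clear()  # first stage is too old; restart the chain
        name, pattern = STAGES[len(seen)]
        if pattern.search(cmd):
            seen.append((name, ts))
            if len(seen) == len(STAGES):
                alerts[host] = list(seen)
    return alerts

if __name__ == "__main__":
    for host, chain in detect_chains(SAMPLE_EVENTS).items():
        print(host, [f"{stage}@{ts.time()}" for stage, ts in chain])
```

Requiring all three stages in order keeps routine activity, such as a build host cloning a repository and changing its firewall, from raising an alert on its own.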



Anatomy of Gitpaste-12



The first attacks of the malware were discovered on 15 Oct 2020. Juniper Threat Labs’ cybersecurity researchers reported the Pastebin URL and the git repo, which was closed by 30 Oct 2020 to stop the botnet’s proliferation.


The worm targets Linux-based x86 servers and Linux IoT devices based on ARM and MIPS CPUs, and adds them to its botnet. It contains commands to disable cloud security servic ..
