Therefore, this malware is known as Gitpaste-12 because of the usage of GitHub and Pastebin, also having at least 12 different attack modules. At the moment, targets include Linux based x86 servers, along with Linux ARM and MIPS based IoT devices. The first GitPaste-12 first attacks were detected by Juniper Threat Labs. The report released by Juniper Threat Labs reveals:
How does Gitpaste-12 spread?
After this initial phase, the worm seems to have a precise mission: it identifies known exploits and may attempt to brute force passwords. When a system is compromised, Gitpaste-12 sets up a cron job it downloads from Pastebin, which executes the same script again each minute. This efficient mechanism is most likely used to push cron jobs updates to the botnet. As already confirmed, the Gitpaste-12 malware also contains a script that launches attacks against other machines. It’s the way this worm tries to replicate, starting with random /8 CIDR attacks over all addresses within its range. Knowing the Gitpaste-12 location and the fact that it can spread that easily, are you about to keep on using GitHub? Let us know your thoughts on this in the comments area below.
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ
