Gitpaste-12 malware is targetting you through GitHub

by Loredana Harsana

Managing Editor

Loredana is a passionate writer with a keen interest in PC hardware and technology. She started off writing about mobile phones back when Samsung Galaxy S II was on top of the world and she...

Posted at: November 6 2020

Affiliate Disclosure

5

Share

X

Gitpaste-12 is a recently discovered worm that uses GitHub and Pastebin for housing component codes and exploiting over 12 vulnerabilities.

Therefore, this malware is known as Gitpaste-12 because of the usage of GitHub and Pastebin, also having at least 12 different attack modules.

At the moment, targets include Linux based x86 servers, along with Linux ARM and MIPS based IoT devices.

The first GitPaste-12 first attacks were detected by Juniper Threat Labs. The report released by Juniper Threat Labs reveals:

The first phase of the attack is the initial system compromise. (…) This worm has 12 known attack modules and more under development. 

How does Gitpaste-12 spread?

After this initial phase, the worm seems to have a precise mission: it identifies known exploits and may attempt to brute force passwords.

When a system is compromised, Gitpaste-12 sets up a cron job it downloads from Pastebin, which executes the same script again each minute.

This efficient mechanism is most likely used to push cron jobs updates to the botnet. As already confirmed, the Gitpaste-12 malware also contains a script that launches attacks against other machines.

It’s the way this worm tries to replicate, starting with random /8 CIDR attacks over all addresses within its range.

Knowing the Gitpaste-12 location and the fact that it can spread that easily, are you about to keep on using GitHub? Let us know your thoughts on this in the comments area below.