Connect with us

Cyber Security

Gitpaste-12 Adds New Features to its Arsenal

Published

on

Gitpaste-12, the worm that propagates via GitHub and uses GitHub and Pastebin to host malicious payload, is active again with new exploits. Earlier, the worm was found exploiting 12 vulnerabilities, and now it has returned with over 30 vulnerability exploits. This worm targets IoT devices, Linux systems, and open-source components.

Quick insights

The worm was first discovered in late-October, targeting Linux-based servers and IoT devices. 

  • The recent attacks use payloads hosted on a new GitHub repository, which includes a Linux-based cryptominer, a list of passwords for brute-force attacks, and a statically linked Python 3.9 interpreter.
  • The first phase of the worm’s initial system compromise still uses previously-disclosed vulnerabilities. However, a recent version of this worm expanded the extent of those attack vectors.
  • The recent sample, named X10-unix, is a UPX-packed binary created using the Go programming language. Compiled for x86_64 Linux systems, this variant exploits 31 known vulnerabilities.
  • Many of these targeted vulnerabilities are new, with some being disclosed as recently as September, such as those in vBulletin (CVE-2020-17496) and Tenda routers (CVE-2020-10987).

Other recent activities

Hackers can often be observed abusing vulnerabilities to gain access inside a targeted network or propagate their malware. Last month, the Gitpaste-12 malware was discovered exploiting eleven previously-disclosed vulnerabilities such as CVE-2017-5638, CVE-2013-5948, CVE-2020-10987, and more.

Conclusion

Cybercriminals will continue to attack organizations using new and updated malware that exploit vulnerable IoT and smart devices. Thus, experts recommended using a reliable anti-malware solution, regularly updating the operating system and applications, and updating and patching every IoT device.

Source: https://cyware.com/news/gitpaste-12-adds-new-features-to-its-arsenal-b4c23625

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO