New Gitpaste-12 Worming Botnet Spreads via GitHub And Pastebin – Experts Perspectives


Security Experts | Informationsecuritybuzz.com

New findings were published today on the “Gitpaste-12” worm, which uses GitHub and Pastebin to store component code and has at least 12 different attack modules available to exploit a range of vulnerabilities. It relies on GitHub and Pastebin to download payloads. These two sites aren’t usually blocked and connections to them are encrypted, which makes it more difficult for traditional security measures to block this attack. Current targets are Linux-based x86 servers and Linux ARM- and MIPS-based IoT devices.

EXPERTS COMMENTS

| November 06, 2020

Saryu Nayyar, CEO, Gurucul


The Gitpaste worm identified by Juniper Labs is interesting both in how it’s deployed and its targeting of Linux and IoT devices. By using Pastebin and GitHub, two services that many organizations allow access to, the attackers are trying to slip through firewall and proxy rules that might otherwise stop them. However, there are multiple tools, including behavioral analytics, that can identify and block these connections, dramatically reducing the threat from this attack vector.

 

| November 06, 2020

Chloé Messdaghi, VP of Strategy, Point3 Security


It’s called Gitpaste-12 because of the usage of GitHub, Pastebin and 12 known attack modules and possibly more under development. It’s a worm that attempts to use known exploits to compromise systems and may also attempt to brute force passwords.

Because some compromised systems have specific ports open, it spreads fast as you do not need to be an authorized user to send commands, and it can then spread to other devices on the same network or across the internet as well. Device and server misconfiguration issues like this can lead to automated worms infecting a large number of systems very quickly.

 

| November 06, 2020

Ax Sharma, Security Researcher, Ax Sharma

Sophisticated malware and cryptominer with a low or zero detection rate

As I reported on BleepingComputer, at the time of writing multiple files associated with Gitpaste-12 have a very low or zero detection rate. There’s an indication that the next iteration of Gitpaste-12 may resurface, and that speaks to how attackers are exploiting the trust within open-source ecosystems like GitHub and legitimate sites like Pastebin. These sites are hard to block via enterprise perimeter security products given their very many business use-cases.

Gitpaste-12 does a lot of things. Like a “Swiss knife” it comes loaded with exploits for 12 known vulnerabilities, mines Monero (XMR) cryptocurrency, targets Linux servers and IoTs, evades detection, spreads itself, and is expected to be seen again, as Juniper’s researchers concluded.
