Security News > 2020 > December > Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices.
First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency.
Now, researchers have uncovered a new slew of attacks by the malware, starting on Nov. 10, which used a different GitHub repository to target web applications, IP cameras, routers and more.
"The wave of attacks used payloads from yet another GitHub repository, which contained a Linux cryptominer, a list of passwords for brute-force attempts and a statically linked Python 3.9 interpreter of unknown provenance," said researchers with Juniper Threat Labs in a Tuesday analysis.
A new sample discovered in Gitpaste-12's initial attack repository shows that the worm has expanded the breadth of those attack vectors.
News URL
https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)
- SonicWall firewall bug leveraged in attacks after PoC exploit release (source)