Gitpaste-12 Worm Widens Set of Exploits in New Attacks
December 2020

The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices.
First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency.
Now, researchers have uncovered a new slew of attacks by the malware, starting on Nov. 10, which used a different GitHub repository to target web applications, IP cameras, routers and more.
"The wave of attacks used payloads from yet another GitHub repository, which contained a Linux cryptominer, a list of passwords for brute-force attempts and a statically linked Python 3.9 interpreter of unknown provenance," said researchers with Juniper Threat Labs in a Tuesday analysis.
A new sample discovered in Gitpaste-12's initial attack repository shows that the worm has expanded the breadth of those attack vectors.
News URL
https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/