Security News > 2020 > December > Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices.
First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency.
Now, researchers have uncovered a new slew of attacks by the malware, starting on Nov. 10, which used a different GitHub repository to target web applications, IP cameras, routers and more.
"The wave of attacks used payloads from yet another GitHub repository, which contained a Linux cryptominer, a list of passwords for brute-force attempts and a statically linked Python 3.9 interpreter of unknown provenance," said researchers with Juniper Threat Labs in a Tuesday analysis.
A new sample discovered in Gitpaste-12's initial attack repository shows that the worm has expanded the breadth of those attack vectors.
News URL
https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/
Related news
- Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)