Security News > 2020 > December > Gitpaste-12 Worm Widens Set of Exploits in New Attacks
The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices.
First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things devices, the botnet utilizes GitHub and Pastebin for housing malicious component code, has at least 12 different attack modules and includes a cryptominer that targets the Monero cryptocurrency.
Now, researchers have uncovered a new slew of attacks by the malware, starting on Nov. 10, which used a different GitHub repository to target web applications, IP cameras, routers and more.
"The wave of attacks used payloads from yet another GitHub repository, which contained a Linux cryptominer, a list of passwords for brute-force attempts and a statically linked Python 3.9 interpreter of unknown provenance," said researchers with Juniper Threat Labs in a Tuesday analysis.
A new sample discovered in Gitpaste-12's initial attack repository shows that the worm has expanded the breadth of those attack vectors.
News URL
https://threatpost.com/gitpaste-12-worm-widens-exploits/162290/
Related news
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Exploit released for Palo Alto PAN-OS bug used in attacks, patch now (source)
- Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation (source)
- Microsoft fixes a bug abused in QakBot attacks plus a second under exploit (source)