Recently, cybersecurity researchers have detected a new type of worm targeting Linux-based x86 servers and the Linux internet of things (IoT) devices. This new malware has been named Gitpaste-12, as it uses the GitHub, Pastebin, and other 12 ways that help it to compromise the system.
Juniper Threat Labs detected the first GitPaste-12 attacks on October 15, 2020; that’s why the cybersecurity researchers have reported both the Pastebin URL as well as the git repo. While here, the git repo was consummated on October 30, 2020.
This new worm can grow in an automatic manner that can begin to lateral spread within an association or to your hosts that are attempting to affect other networks all over the internet. And all this results in poor reliability for your organization.
In this malware, the first stage is related to the initial system that has been compromised. As Gitpaste-12 has 12 different known attack modules and more below development.
This worm always strive to use known exploits to negotiate the systems, and not only this, but it also attempts to brute force the passwords as well.
Once the malware is done with negotiating, it immediately sets up a cron job that it downloads from Pastebin, and later this job calls the same script and applies it again every minute. By doing this, all the updates regarding the cron job can easily be pushed to the botnet.
The malware starts up its cron job by setting the environment accordingly, which means it begins with stripping the system of its defenses, including firewall rules, SELinux, AppArmor, some common attack prevention, and monitoring software.
If we talk about the capability, then Gitpaste-12 malware includes a script that generally launches attacks toward other machines; its main motive is to replicate and spread thoroughly.
However, the Gitpaste-12 malware picks a random /8 CIDR for attack and then attempt all the addresses within that range.
Gitpaste-12 has some exploits that have been listed below:-
Many cybersecurity researchers have affirmed that worm malware are very annoying and troublesome. The worm malware is filled with several features and abilities; its main ability is to spread in an automated mode that can begin to lateral spread within an institution.
It can also spread to your hosts that have been trying to affect all other networks that are present on the internet; moreover, this worm provides the threat actors reverse shells.
And according to the security experts, there are some infected systems that are using TCP ports 30004 and 30005 open to listening for shell commands.
You can follow us on Linkedin, Twitter, Facebook for daily Cyber Security and hacking news updates.
Also Read: 6 Best Free Malware Analysis Tools to Break Down the Advanced Malware Samples – 2020
In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…
Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…
The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…
In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…
A recent campaign has been observed to be delivering DJvu ransomware through a loader that…
In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…