A recently discovered botnet called Gitpaste – 12 has made its return with a new attack campaign that targets web applications, IP cameras, and routers.
Researchers discovered Gitpaste -12 in October this year.
- The name of the malware originates from Github and Pastebin which are used for propagation and 12 different exploits for previously-known vulnerabilities. The flaws are related to Apache Struts, Asus routers, Webadmin plugin for opendreambox, and Tendo routers.
- The botnet is equipped with commands that allow it to run a cryptominer that targets the Monero cryptocurrency.
- Along with these features, the worming capabilities of Gitpaste-12 enable the botnet to replicate and spread silently across systems.
The latest update –
- After its discovery, researchers identified a new wave of attacks from the botnet in the first half of November. Web applications, IP cameras, routers, and more were found to be the target of this attack.
- The attack was carried out by using a new version of Gitpaste-12 that includes exploits for at least 31 vulnerabilities, out of which 12 are borrowed from the previous version.
- The newly acquired sample is called X10-unix and is a UPS-packed binary written in Go language, compiled for x86_64 Linux system.
- The malware also attempts to compromise open Android Debug Bridge connections and existing malware backdoors among its other capabilities.
Botnets that blend with worm capabilities are precarious in nature because of their ability to spread in an automated fashion. This can lead to its lateral spread within an organization, ultimately affecting other networks across the internet and impacting the reputation of an organization.
To read more, please check eScan Blog
